CVE-2021-38928

Name of the Vulnerable Software and Affected Versions IBM Sterling B2B Integrator Standard Edition versions 6.0.0.0 through 6.1.2.1

Description The issue is related to the use of Cross-Origin Resource Sharing (CORS) in IBM Sterling B2B Integrator Standard Edition. This could allow an attacker to carry out privileged actions and retrieve sensitive information because the domain name is not limited to only trusted domains.

Recommendations For versions 6.0.0.0 through 6.1.2.1, consider restricting access to the CORS feature to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit the domain name to only trusted domains to prevent unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.