CVE-2023-22595

Name of the Vulnerable Software and Affected Versions IBM B2B Advanced Communications version 1.0.0.0 IBM Multi-Enterprise Integration Gateway version 1.0.0.1

Description This issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session. The vulnerability enables the embedding of malicious code, which can compromise the security of the system.

Recommendations For IBM B2B Advanced Communications version 1.0.0.0, update to a version that includes a fix for this issue. For IBM Multi-Enterprise Integration Gateway version 1.0.0.1, update to a version that includes a fix for this issue. As a temporary workaround, consider restricting access to the Web UI to minimize the risk of exploitation.