CVE-2024-27263

Published: Jan 28, 2025Modified: Mar 5, 2025

5.3

Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.6 / Impact: 3.6

Source: psirt@us.ibm.com (Secondary)

Description

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to obtain sensitive information from the dashboard UI using man in the middle techniques.

Affected (2)

Products: Ibm: Sterling B2b Integrator

Ibm

1 product

Sterling B2b Integrator

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Ibm Sterling B2b Integrator	From 6.0.0.0 to 6.1.2.5
Ibm Sterling B2b Integrator	From 6.2.0.0 to 6.2.0.1

Related CWEs

CWE-300

Channel Accessible by Non-Endpoint

The product does not adequately verify the identity of actors at both ends of a communication channel, or does not adequately ensure the integrity of the channel, in a way that allows the channel to be accessed or influenced by an actor that is not an endpoint.

References (1)

https://www.ibm.com/support/pages/node/7176072

Source: psirt@us.ibm.com

Vendor Advisory

Timeline

No history available yet.