← Back

CVE-2024-45089

nvd nist
Published: Jan 31, 2025Modified: Mar 5, 2025

JSON object

Loading...
4.3
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 / Impact: 1.4
Source: psirt@us.ibm.com (Secondary)

Description

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition EBICS server could allow an authenticated user to obtain sensitive filename information due to an observable discrepancy.

Affected (2)

Ibm
1 product
Sterling B2b Integrator
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Ibm
Sterling B2b Integrator
From 6.0.0.0 to 6.1.2.5
Sterling B2b Integrator
From 6.2.0.0 to 6.2.0.3

Related CWEs

CWE-203
Observable Discrepancy
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

References (1)

Source: psirt@us.ibm.com
Vendor Advisory

Timeline

No history available yet.