IBM Sterling B2B SI 6.06.1.2.5/6.26.2.0.2: HTTP Resp Info Leak
CVE-2023-42010 Published on July 17, 2024
IBM Sterling B2B Integrator Standard Edition information disclosure
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 could disclose sensitive information in the HTTP response using man in the middle techniques. IBM X-Force ID: 265507.
Vulnerability Analysis
CVE-2023-42010 is exploitable with network access, and requires small amount of user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.
Weakness Type
Exposure of Sensitive System Information to an Unauthorized Control Sphere
The application does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the application does.
Products Associated with CVE-2023-42010
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-42010 are published in IBM Sterling B2b Integrator:
Affected Versions
IBM Sterling B2B Integrator Standard Edition:- Version 6.0.0.0, <= 6.1.2.5 is affected.
- Version 6.2.0.0, <= 6.2.0.2 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.