CVE-2015-5022

IBM B2B Advanced Communications 1.0.0.2-1.0.0.3 - Authenticated Exposure of Sensitive Information via Response Fields

Title source: llm
STIX 2.1

Description

IBM Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 and 1.0.0.3 before 1.0.0.3_2, when access by guests is enabled, place an internal hostname and a payload path in a response, which allows remote authenticated users to obtain sensitive information by leveraging a trading-partner relationship and reading response fields.

References (2)

Core 2
Core References
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IT10702
Patch, Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21967334

Scores

EPSS 0.0109
EPSS Percentile 61.3%

Details

CWE
CWE-200
Status published
Products (3)
ibm/b2b_advanced_communications 1.0.0.1
ibm/b2b_advanced_communications 1.0.0.2
ibm/b2b_advanced_communications 1.0.0.3
Published Oct 06, 2015
Tracked Since Feb 18, 2026