CVE-2015-5022
IBM B2B Advanced Communications 1.0.0.2-1.0.0.3 - Authenticated Exposure of Sensitive Information via Response Fields
Title source: llmDescription
IBM Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 and 1.0.0.3 before 1.0.0.3_2, when access by guests is enabled, place an internal hostname and a payload path in a response, which allows remote authenticated users to obtain sensitive information by leveraging a trading-partner relationship and reading response fields.
References (2)
Core 2
Core References
Various Sources vendor-advisory
x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IT10702
Patch, Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21967334
Scores
EPSS
0.0109
EPSS Percentile
61.3%
Details
CWE
CWE-200
Status
published
Products (3)
ibm/b2b_advanced_communications
1.0.0.1
ibm/b2b_advanced_communications
1.0.0.2
ibm/b2b_advanced_communications
1.0.0.3
Published
Oct 06, 2015
Tracked Since
Feb 18, 2026