CVE-2015-7445

MEDIUM

IBM Multi-Enterprise Integration Gateway <1.0.0.1 & B2B Advanced Co...

Title source: llm

Description

IBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B Advanced Communications 1.x before 1.0.0.4, when guest access is configured, allow remote authenticated users to obtain sensitive information by reading error messages in responses.

References (3)

[Various Sources] http://www-01.ibm.com/support/docview.wss?uid=swg1IT12573

[Vendor Advisory] http://www-01.ibm.com/support/docview.wss?uid=swg21972480

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/79681

Scores

CVSS v3 4.3

EPSS 0.0018

EPSS Percentile 39.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Classification

CWE

CWE-200

Status draft

Affected Products (5)

ibm/b2b_advanced_communications

ibm/multi-enterprise_integration_gateway

Timeline

Published Jan 01, 2016

Tracked Since Feb 18, 2026