CVE-2016-0210

MEDIUM

IBM Sterling B2B Integrator - Info Disclosure

Title source: llm

Description

IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to obtain sensitive information. By allowing HTTP OPTIONS method, a remote attacker could send a specially-crafted query to a vulnerable server running to cause the server to disclose sensitive information in the HTTP response.

References (2)

[Patch, Vendor Advisory] http://www.ibm.com/support/docview.wss?uid=swg21981549

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/90527

Scores

CVSS v3 5.3

EPSS 0.0018

EPSS Percentile 39.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Classification

CWE

CWE-200

Status published

Affected Products (15)

ibm/sterling_b2b_integrator

IBM Corporation/Sterling B2B Integrator < 5.1

IBM Corporation/Sterling B2B Integrator < 5.2

IBM Corporation/Sterling B2B Integrator < 4.3

IBM Corporation/Sterling B2B Integrator < 5.0

IBM Corporation/Sterling B2B Integrator < 5.2.4

IBM Corporation/Sterling B2B Integrator < -

IBM Corporation/Sterling B2B Integrator < 5.2.1

IBM Corporation/Sterling B2B Integrator < 5.2.2

IBM Corporation/Sterling B2B Integrator < 5.2.3

IBM Corporation/Sterling B2B Integrator < 5.2.4.1

IBM Corporation/Sterling B2B Integrator < 5.2.4.2

IBM Corporation/Sterling B2B Integrator < 5.2.5

IBM Corporation/Sterling B2B Integrator < 5.2.6

Timeline

Published Feb 08, 2017

Tracked Since Feb 18, 2026