CVE-2019-4063 : IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 Standard Edition could allow

IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 Standard Edition could allow highly sensitive information to be transmitted in plain text. An attacker could obtain this information using man in the middle techniques. IBM X-ForceID: 157008.

Published 2019-03-05 18:29:01

Updated 2023-02-03 18:57:25

Source IBM Corporation

View at NVD, CVE.org

Products affected by CVE-2019-4063

IBM » Sterling B2b Integrator
Versions from including (>=) 5.2.0.1 and up to, including, (<=) 6.0.0.0
cpe:2.3:a:ibm:sterling_b2b_integrator:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2019-4063

EPSS FAQ

0.13%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 30 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-4063

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:P/I:N/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
5.9	MEDIUM	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N	2.2	3.6	IBM Corporation
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None
5.9	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N	2.2	3.6	NIST
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2019-4063

CWE-319 Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2019-4063

https://exchange.xforce.ibmcloud.com/vulnerabilities/157008

IBM Sterling B2B Integrator information disclosure CVE-2019-4063 Vulnerability Report
Vendor Advisory;VDB Entry
http://www.securityfocus.com/bid/107310

IBM Sterling B2B Integrator CVE-2019-4063 Information Disclosure Vulnerability
Third Party Advisory;VDB Entry
https://www.ibm.com/support/docview.wss?uid=ibm10874234

IBM Security Bulletin: Information Disclosure Security Vulnerability Affects IBM Sterling B2B Integrator (CVE-2019-4063)
Patch;Vendor Advisory

Jump to

Vulnerability Details : CVE-2019-4063

Products affected by CVE-2019-4063

Exploit prediction scoring system (EPSS) score for CVE-2019-4063

CVSS scores for CVE-2019-4063

CWE ids for CVE-2019-4063

References for CVE-2019-4063