Vulnerability Details : CVE-2020-4566
IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.2 stores potentially highly sensitive information in log files that could be read by an authenticated user. IBM X-Force ID: 184083.
Exploit prediction scoring system (EPSS) score for CVE-2020-4566
Probability of exploitation activity in the next 30 days: 0.06%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 22 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2020-4566
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
8.0
|
2.9
|
NIST |
|
6.5
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
2.8
|
3.6
|
IBM Corporation |
|
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
2.8
|
3.6
|
NIST |
References for CVE-2020-4566
-
https://www.ibm.com/support/pages/node/6367975
Security Bulletin: B2B API Information Disclosure Vulnerability Affects IBM Sterling B2B Integrator (CVE-2020-4566)Patch;Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/184083
IBM Sterling B2B Integrator information disclosure CVE-2020-4566 Vulnerability ReportVDB Entry;Vendor Advisory
Products affected by CVE-2020-4566
- IBM » Sterling B2b Integrator » Standard EditionVersions from including (>=) 5.2.6.0 and up to, including, (<=) 5.2.6.5cpe:2.3:a:ibm:sterling_b2b_integrator:*:*:*:*:standard:*:*:*
- IBM » Sterling B2b Integrator » Standard EditionVersions from including (>=) 6.0.0.0 and up to, including, (<=) 6.0.3.2cpe:2.3:a:ibm:sterling_b2b_integrator:*:*:*:*:standard:*:*:*