Vulnerability Details: CVE-2021-38928
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. IBM X-Force ID: 210323.
Products affected by CVE-2021-38928
- IBM » Sterling B2B Integrator » Standard Edition, versions >= 6.1.1.0 and < 6.1.1.2 (cpe:2.3:a:ibm:sterling_b2b_integrator:*:*:*:*:standard:*:*:*)
- IBM » Sterling B2B Integrator » Standard Edition, versions >= 6.0.0.0 and < 6.0.3.7 (cpe:2.3:a:ibm:sterling_b2b_integrator:*:*:*:*:standard:*:*:*)
- IBM » Sterling B2B Integrator » Standard Edition, versions >= 6.1.0.0 and < 6.1.0.6 (cpe:2.3:a:ibm:sterling_b2b_integrator:*:*:*:*:standard:*:*:*)
- cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.0:*:*:*:standard:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-38928
- EPSS score: 0.05% (probability of exploitation activity in the next 30 days)
- Percentile: ~20% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2021-38928
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N | 2.8 | 2.5 | NIST | |
5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N | 2.8 | 2.5 | IBM Corporation | |
References for CVE-2021-38928
- https://www.ibm.com/support/pages/node/6852467
  Security Bulletin: B2B API of IBM Sterling B2B Integrator is vulnerable to Cross Origin Resource Sharing (CORS) (CVE-2021-38928) (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/210323
  (VDB Entry; Vendor Advisory)