CVE-2023-42010 : IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 could disclose sensitive information in the HTTP response using man in the middle techniques. IBM X-Force ID: 265507.

Published 2024-07-17 17:18:38

Updated 2024-10-19 00:38:41

Source IBM Corporation

View at NVD, CVE.org

Products affected by CVE-2023-42010

IBM » Sterling B2b Integrator » Standard Edition
Versions from including (>=) 6.0.0.0 and up to, including, (<=) 6.1.2.5
cpe:2.3:a:ibm:sterling_b2b_integrator:*:*:*:*:standard:*:*:*
Matching versions
IBM » Sterling B2b Integrator » Standard Edition
Versions from including (>=) 6.2.0.0 and up to, including, (<=) 6.2.0.2
cpe:2.3:a:ibm:sterling_b2b_integrator:*:*:*:*:standard:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-42010

EPSS FAQ

0.06%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 20 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-42010

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
3.1	LOW	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N	N/A	N/A	IBM Corporation	2024-07-17
Attack Vector: Network Attack Complexity: High Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None
3.7	LOW	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N	2.2	1.4	NIST	2024-10-19
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None
3.1	LOW	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N	1.6	1.4	IBM Corporation	2024-07-17
Attack Vector: Network Attack Complexity: High Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None

CWE ids for CVE-2023-42010

CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere

The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.
Assigned by:
- 9a959283-ebb5-44b6-b705-dcc2bbced522 (Primary)
- psirt@us.ibm.com (Secondary)

References for CVE-2023-42010

https://www.ibm.com/support/pages/node/7160433

Security Bulletin: IBM Sterling B2B Integrator Standard Edition could disclose sensitive information in the HTTP response
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/265507

IBM Sterling B2B Integrator Standard Edition information disclosure CVE-2023-42010 Vulnerability Report
VDB Entry;Vendor Advisory

Jump to

Vulnerability Details : CVE-2023-42010

Products affected by CVE-2023-42010

Exploit prediction scoring system (EPSS) score for CVE-2023-42010

CVSS scores for CVE-2023-42010

CWE ids for CVE-2023-42010

References for CVE-2023-42010