CVE-2018-1564 — Sensitive Information Exposure in IBM Sterling B2B Integrator

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

6.7MEDIUMNVD

CNA4.4

EPSS

0.0%

top 85.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Sterling B2B Integrator

Timeline

PublishedJul 20

Latest updateMay 13

Description

IBM Sterling B2B Integrator Standard Edition 5.2 through 5.2.6 could allow a local user with administrator privileges to obtain user passwords found in debugging messages. IBM X-Force ID: 142968.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

▶NVDibm/sterling_b2b_integrator5.2.0.1 — 5.2.6.3

▶CVEListV5ibm/sterling_b2b_integrator7 versions+6

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-f9m2-73w9-4c6c: IBM Sterling B2B Integrator Standard Edition 5↗2022-05-13

▶

CVEList

CVE-2018-1564: IBM Sterling B2B Integrator Standard Edition 5↗2018-07-20

▶