CVE-2019-4222 — Improper Privilege Management in IBM Sterling B2B Integrator

CWE-269 — Improper Privilege Management5 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

0.1%

top 68.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Sterling B2B Integrator

Timeline

PublishedApr 25

Latest updateMay 24

Description

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 could allow an authenticated user to view process definition of a business process without permission. IBM X-Force ID: 159231.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5ibm/sterling_b2b_integrator6.0.0.0, 6.0.0.1+1

▶NVDibm/sterling_b2b_integrator6.0.0.0, 6.0.0.1+1

🔴Vulnerability Details

GHSA

GHSA-vrr3-m9rh-w6rg: IBM Sterling B2B Integrator Standard Edition 6↗2022-05-24

▶

CVEList

CVE-2019-4222: IBM Sterling B2B Integrator Standard Edition 6↗2019-04-25

▶

💬Community

Bugzilla

CVE-2019-18802 envoy: malformed request header may cause bypass of route matchers resulting in escalation of privileges or information disclosure↗2019-11-18

▶

Bugzilla

CVE-2019-18838 envoy: malformed HTTP request without the Host header may cause abnormal termination of the Envoy process↗2019-11-18

▶