CVE-2020-4671Log File Information Exposure in IBM Sterling B2B Integrator

CWE-532Log File Information Exposure3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 52.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Sterling B2B Integrator
Timeline
PublishedNov 16
Latest updateMay 24

Description

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 stores potentially sensitive information in log files that could be read by an authenticatedl user. IBM X-Force ID: 186284.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDibm/sterling_b2b_integrator5.2.0.05.2.6.5+1
CVEListV5ibm/sterling_b2b_integrator4 versions+3

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-6728-q42c-7jch: IBM Sterling B2B Integrator Standard Edition 62022-05-24
CVEList
CVE-2020-4671: IBM Sterling B2B Integrator Standard Edition 62020-11-16
CVE-2020-4671 — Log File Information Exposure in IBM | cvebase