CVE-2020-4700: IBM Sterling B2B Integrator vulnerability

4 documents, 4 sources
Severity
8.8 HIGH (NVD)
EPSS
0.6%
top 30.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Nov 16
Latest update: May 24

Description

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 could allow an authenticated user belonging to a specific user group to create a user or group with administrative privileges. IBM X-Force ID: 187077.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (2 packages)

NVD: ibm/sterling_b2b_integrator, 5.2.0.0 through 5.2.6.5 (+1)
CVEListV5: ibm/sterling_b2b_integrator, 4 versions (+3)

Patches

🔴 Vulnerability Details (2)
GHSA
GHSA-wqh7-jm2p-27w2: IBM Sterling B2B Integrator Standard Edition 6 (2022-05-24)
CVEList
CVE-2020-4700: IBM Sterling B2B Integrator Standard Edition 6 (2020-11-16)

💬 Community (1)
Bugzilla
CVE-2018-4700 cups: Predictable session cookie breaks CSRF protection (2018-11-13)