CVE-2021-20376 — Observable Discrepancy in IBM Sterling B2B Integrator

CWE-203 — Observable Discrepancy CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.1%

top 69.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Sterling B2B Integrator IBM Sterling File Gateway

Timeline

PublishedOct 7

Latest updateMay 24

Description

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated attacker to enumerate usernames due to there being an observable discrepancy in returned messages. IBM X-Force ID: 195568.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5ibm/sterling_file_gateway6 versions+5

▶NVDibm/sterling_b2b_integrator2.2.0.0 — 5.2.6.5_3+2

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-6ww2-4r5v-mm62: IBM Sterling File Gateway 2↗2022-05-24

▶

CVEList

CVE-2021-20376: IBM Sterling File Gateway 2↗2021-10-07

▶