CVE-2021-39087Incorrect Default Permissions in IBM Sterling B2B Integrator

CWE-276Incorrect Default Permissions3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 68.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Sterling B2B Integrator
Timeline
PublishedAug 16
Latest updateAug 17

Description

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 could allow an authenticated user to obtain sensitive information due to improper permission controls. IBM X-Force ID: 216109.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDibm/sterling_b2b_integrator6.0.0.06.0.3.6+2
CVEListV5ibm/sterling_b2b_integrator6 versions+5

🔴Vulnerability Details

2
GHSA
GHSA-7fxj-2493-4xp2: IBM Sterling B2B Integrator Standard Edition 62022-08-17
CVEList
CVE-2021-39087: IBM Sterling B2B Integrator Standard Edition 62022-08-16
CVE-2021-39087 — Incorrect Default Permissions in IBM | cvebase