CVE-2022-22482Unrestricted File Upload in IBM Sterling B2B Integrator

CWE-434Unrestricted File Upload3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 58.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Sterling B2B Integrator
Timeline
PublishedMay 17
Latest updateMay 18

Description

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0 could allow an authenticated user to upload files that could fill up the filesystem and cause a denial of service. IBM X-Force ID: 225977.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDibm/sterling_b2b_integrator6.0.0.06.0.3.5+1
CVEListV5ibm/sterling_b2b_integrator4 versions+3

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-r8pm-crxh-3256: IBM Sterling B2B Integrator Standard Edition 62022-05-18
CVEList
CVE-2022-22482: IBM Sterling B2B Integrator Standard Edition 62022-05-17
CVE-2022-22482 — Unrestricted File Upload in IBM | cvebase