CVE-2022-40232

CWE-276 — Incorrect Default Permissions3 documents3 sources

Severity

8.8HIGH

EPSS

0.3%

top 47.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Sterling B2B Integrator Standard Edition IBM Sterling B2B Integrator

Timeline

PublishedFeb 17

Description

IBM Sterling B2B Integrator Standard Edition 6.1.0.0 through 6.1.1.1, and 6.1.2.0 could allow an authenticated user to perform actions they should not have access to due to improper permission controls. IBM X-Force ID: 235597.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.4

Affected Packages2 packages

▶CVEListV5ibm/sterling_b2b_integrator_standard_edition6.1.0.0 — 6.1.1.1+1

▶NVDibm/sterling_b2b_integrator6.1.0.0 — 6.1.1.1+1

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-qcpf-p3gc-mx83: IBM Sterling B2B Integrator Standard Edition 6↗2023-02-17

▶

CVEList

IBM Sterling B2B Integrator Standard Edition improper access control↗2023-02-17

▶