8.1
CVE-2014-0927
- EPSS 0.36%
- Veröffentlicht 20.04.2018 21:29:00
- Zuletzt bearbeitet 21.11.2024 02:03:03
- Quelle psirt@us.ibm.com
- Teams Watchlist Login
- Unerledigt Login
The ActiveMQ admin user interface in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote attackers to bypass authentication by leveraging knowledge of the port number and webapp path. IBM X-Force ID: 92259.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Sterling B2b Integrator Version5.1
Ibm ≫ Sterling B2b Integrator Version5.2
Ibm ≫ Sterling File Gateway Version2.1
Ibm ≫ Sterling File Gateway Version2.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
Typ | Quelle | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.36% | 0.554 |
Quelle | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 8.1 | 2.2 | 5.9 |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.