CVE-2024-27263

EPSS 0.03%
Published 28.01.2025 01:15:08
Last modified 04.03.2025 21:58:37
Source psirt@us.ibm.com
Teams watchlist Login
Open Login

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to obtain sensitive information from the dashboard UI using man in the middle techniques.

Affected products Warnungen 0 Metrics 2 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Ibm ≫ Sterling B2b Integrator Version >= 6.0.0.0 <= 6.1.2.5

Ibm ≫ Sterling B2b Integrator Version >= 6.2.0.0 <= 6.2.0.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.067

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
psirt@us.ibm.com	5.3	1.6	3.6	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-300 Channel Accessible by Non-Endpoint

The product does not adequately verify the identity of actors at both ends of a communication channel, or does not adequately ensure the integrity of the channel, in a way that allows the channel to be accessed or influenced by an actor that is not an endpoint.

https://www.ibm.com/support/pages/node/7176072

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-27263

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-27263

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-27263

EUVD