CVE-2013-0481

The console in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote attackers to read stack traces by triggering (1) an error or (2) an exception.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg21627986	Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21640830	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/81546

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:sterling_b2b_integrator:5.1:::::::*
	cpe:2.3:a:ibm:sterling_b2b_integrator:5.2:::::::*
	cpe:2.3:a:ibm:sterling_file_gateway:2.1:::::::*
	cpe:2.3:a:ibm:sterling_file_gateway:2.2:::::::*

History

No history.

Information

Published : 2013-07-03 13:54

Updated : 2017-08-29 01:33

NVD link : CVE-2013-0481

Mitre link : CVE-2013-0481

CVE.ORG link : CVE-2013-0481

JSON object : View

Products Affected

ibm

sterling_file_gateway
sterling_b2b_integrator

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2013-0481", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-07-03T13:54:31.020", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21627986", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21640830", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81546", "source": "psirt@us.ibm.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "The console in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote attackers to read stack traces by triggering (1) an error or (2) an exception."}, {"lang": "es", "value": "La consola en IBM Sterling B2B Integrator v5.1 y v5.2 y Sterling File Gateway v2.1 y v2.2 permite a atacantes remotos leer trazas de la pila mediante la activaci\u00f3n de (1) un error o (2) una excepci\u00f3n."}], "lastModified": "2017-08-29T01:33:03.213", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:sterling_b2b_integrator:5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40363692-5283-4D0C-BAE1-C049C02A0294"}, {"criteria": "cpe:2.3:a:ibm:sterling_b2b_integrator:5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F805BA3A-178D-416E-9DED-4258F71A17C8"}, {"criteria": "cpe:2.3:a:ibm:sterling_file_gateway:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A40AC14-AC2B-4A0D-A9CC-3A00B48D8975"}, {"criteria": "cpe:2.3:a:ibm:sterling_file_gateway:2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1554D69E-D68E-46CA-B1F7-C24CAABF58E8"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}