Описание
IBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B Advanced Communications 1.x before 1.0.0.4, when guest access is configured, allow remote authenticated users to obtain sensitive information by reading error messages in responses.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:ibm:b2b_advanced_communications:1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:b2b_advanced_communications:1.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:b2b_advanced_communications:1.0.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:b2b_advanced_communications:1.0.0.3:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:a:ibm:multi-enterprise_integration_gateway:1.0.0:*:*:*:*:*:*:*
EPSS
Процентиль: 40%
0.00184
Низкий
4.3 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-200
Связанные уязвимости
CVSS3: 4.3
github
больше 3 лет назад
IBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B Advanced Communications 1.x before 1.0.0.4, when guest access is configured, allow remote authenticated users to obtain sensitive information by reading error messages in responses.
EPSS
Процентиль: 40%
0.00184
Низкий
4.3 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-200