First published: Fri Nov 13 2020(Updated: )
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM B2B Sterling Integrator | <=6.0.0.0 - 6.0.3.2 | |
IBM B2B Sterling Integrator | <=5.2.0.0 - 5.2.6.5_2 | |
IBM B2B Sterling Integrator | >=5.2.0.0<=5.2.6.5 | |
IBM B2B Sterling Integrator | >=6.0.0.0<=6.0.3.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-4475 is classified as a moderate vulnerability as it can lead to sensitive information disclosure.
To fix CVE-2020-4475, you should update IBM Sterling B2B Integrator to version 6.0.3.2 or 5.2.6.5 or later.
CVE-2020-4475 affects IBM Sterling B2B Integrator versions 5.2.0.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.2.
CVE-2020-4475 could allow a remote attacker to obtain sensitive information from detailed technical error messages.
Yes, the information obtained through CVE-2020-4475 can be used in subsequent attacks against the system.