First published: Fri Nov 13 2020(Updated: )
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 stores potentially sensitive information in log files that could be read by an authenticatedl user. IBM X-Force ID: 186284.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM B2B Sterling Integrator | <=6.0.0.0 - 6.0.3.2 | |
IBM B2B Sterling Integrator | <=5.2.0.0 - 5.2.6.5_2 | |
IBM B2B Sterling Integrator | >=5.2.0.0<=5.2.6.5 | |
IBM B2B Sterling Integrator | >=6.0.0.0<=6.0.3.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-4671 is considered to have a medium severity due to the exposure of potentially sensitive information in log files.
To fix CVE-2020-4671, update IBM Sterling B2B Integrator to version 6.0.3.3 or later, or 5.2.6.6 or later.
Versions 5.2.0.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.2 of IBM Sterling B2B Integrator are affected by CVE-2020-4671.
Authenticated users of IBM Sterling B2B Integrator may be impacted by CVE-2020-4671 as they can read sensitive information from log files.
The potential consequences of CVE-2020-4671 include unauthorized access to sensitive information stored in log files, which could lead to data breaches.