CVE-2015-7445

4.3MEDIUM

Key Information:

Vendor
IBM
Status
B2b Advanced Communications
Vendor
CVE Published:
1 January 2016

Summary

IBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B Advanced Communications 1.x before 1.0.0.4, when guest access is configured, allow remote authenticated users to obtain sensitive information by reading error messages in responses.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21972480
x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg1IT12573
vendor-advisoryx_refsource_AIXAPAR
http://www.securityfocus.com/bid/79681
vdb-entryx_refsource_BID

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.