Integrator May Confuse Users with Incorrect or Restricted Frame Objects
CVE-2023-42011

5.4MEDIUM

Key Information:

Vendor
IBM
Status
Sterling B2b Integrator Standard Edition
Vendor
CVE Published:
27 June 2024

Summary

IBM Sterling B2B Integrator Standard Edition versions 6.1 and 6.2 exhibit a vulnerability where frame objects or UI layers from another application or domain might not be properly restricted. This flaw can create confusion for users as it increases the risk of interacting with elements from different interfaces. As a result, users may find themselves unsure of which application they are currently using, potentially leading to erroneous actions and breaches in operational protocols. Addressing this issue is crucial for maintaining clarity and integrity in user interactions.

Affected Version(s)

Sterling B2B Integrator Standard Edition 6.1, 6.2

References

https://www.ibm.com/support/pages/node/7158657
vendor-advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/265508

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.