Integrator May Confuse Users with Incorrect or Restricted Frame Objects

CVE-2023-42011

5.4MEDIUM

Key Information

Vendor: IBM
Status: Sterling B2b Integrator Standard Edition
Vendor: CVE Published:; 27 June 2024

Summary

IBM Sterling B2B Integrator Standard Edition 6.1 and 6.2 does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with. IBM X-Force ID: 265508.

Affected Version(s)

Sterling B2B Integrator Standard Edition = 6.1, 6.2

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published.
Jun 27, 2024
Vulnerability Reserved.
Sep 6, 2023

Collectors

NVD DatabaseMitre Database