Sign-up

ID

VAR-201605-0373


CVE

CVE-2016-0341


TITLE

IBM Multi-Enterprise Integration Gateway and B2B Advanced Communications Vulnerability in which important information is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2016-002774

DESCRIPTION

IBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 through 1.0.0.4 do not require HTTPS, which might allow remote attackers to obtain sensitive information by sniffing the network. IBMB2BAdvanced Communications is a communications gateway product. Multiple IBM Products is prone to a local information-disclosure vulnerability. There is an information disclosure vulnerability in , which is caused by the fact that the program is not configured with HTTPS

Trust: 2.52

sources: NVD: CVE-2016-0341 // JVNDB: JVNDB-2016-002774 // CNVD: CNVD-2016-02871 // BID: 89859 // VULHUB: VHN-87851

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-02871

AFFECTED PRODUCTS

vendor:ibmmodel:b2b advanced communicationsscope:eqversion:1.0.0.3

Trust: 1.9

vendor:ibmmodel:b2b advanced communicationsscope:eqversion:1.0.0.2

Trust: 1.9

vendor:ibmmodel:b2b advanced communicationsscope:eqversion:1.0.0.1

Trust: 1.6

vendor:ibmmodel:multi-enterprise integration gatewayscope:eqversion:1.0.0

Trust: 1.6

vendor:ibmmodel:b2b advanced communicationsscope:eqversion:1.0

Trust: 1.6

vendor:ibmmodel:b2b advanced communicationsscope:eqversion:1.0.0.2 to 1.0.0.4

Trust: 0.8

vendor:ibmmodel:multi-enterprise integration gatewayscope:eqversion:1.0.0.1 for up to 1.0

Trust: 0.8

vendor:ibmmodel:b2b advanced communicationsscope:gteversion:1.0.0.2<=1.0.0.4

Trust: 0.6

vendor:ibmmodel:transformation extender advancedscope:eqversion:9.0.0.1

Trust: 0.3

vendor:ibmmodel:transformation extender advancedscope:eqversion:9.0

Trust: 0.3

vendor:ibmmodel:sterling b2b integratorscope:eqversion:5.2.6

Trust: 0.3

vendor:ibmmodel:sterling b2b integratorscope:eqversion:5.2.5.0

Trust: 0.3

vendor:ibmmodel:standards processing enginescope:eqversion:8.5.1.2

Trust: 0.3

vendor:ibmmodel:multi-enterprise integration gatewayscope:eqversion:1.0.0.1

Trust: 0.3

vendor:ibmmodel:multi-enterprise integration gatewayscope:eqversion:1.0

Trust: 0.3

vendor:ibmmodel:b2b advanced communicationsscope:eqversion:1.0.0.4

Trust: 0.3

sources: CNVD: CNVD-2016-02871 // BID: 89859 // JVNDB: JVNDB-2016-002774 // CNNVD: CNNVD-201605-130 // NVD: CVE-2016-0341

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-0341
value: HIGH

Trust: 1.0

NVD: CVE-2016-0341
value: HIGH

Trust: 0.8

CNVD: CNVD-2016-02871
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201605-130
value: MEDIUM

Trust: 0.6

VULHUB: VHN-87851
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-0341
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-02871
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-87851
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-0341
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-02871 // VULHUB: VHN-87851 // JVNDB: JVNDB-2016-002774 // CNNVD: CNNVD-201605-130 // NVD: CVE-2016-0341

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-87851 // JVNDB: JVNDB-2016-002774 // NVD: CVE-2016-0341

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201605-130

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201605-130

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-002774

PATCH
title:1981462url:http://www-01.ibm.com/support/docview.wss?uid=swg21981462
Trust: 0.8
title:Patch for IBMB2BAdvanced Communications Information Disclosure Vulnerability (CNVD-2016-02871)url:https://www.cnvd.org.cn/patchInfo/show/75410
Trust: 0.6
title:IBM B2B Advanced Communications Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61453
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2016-02871 // 
            
            
            
            JVNDB: JVNDB-2016-002774 // 
            
            
            
            CNNVD: CNNVD-201605-130

EXTERNAL IDS
db:NVDid:CVE-2016-0341
Trust: 3.4
db:JVNDBid:JVNDB-2016-002774
Trust: 0.8
db:CNNVDid:CNNVD-201605-130
Trust: 0.7
db:CNVDid:CNVD-2016-02871
Trust: 0.6
db:BIDid:89859
Trust: 0.4
db:VULHUBid:VHN-87851
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-02871 // 
            
            
            
            VULHUB: VHN-87851 // 
            
            
            
            BID: 89859 // 
            
            
            
            JVNDB: JVNDB-2016-002774 // 
            
            
            
            CNNVD: CNNVD-201605-130 // 
            
            
            
            NVD: CVE-2016-0341

REFERENCES
url:http://www-01.ibm.com/support/docview.wss?uid=swg21981462
Trust: 2.6
url:http://www-01.ibm.com/support/docview.wss?uid=swg1it14835
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0341
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0341
Trust: 0.8
url:http://www.ibm.com/
Trust: 0.3
url:http://www-01.ibm.com/support/docview.wss?uid=swg21985111
Trust: 0.3
url:http://www-01.ibm.com/support/docview.wss?uid=swg21987644
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2016-02871 // 
            
            
            
            VULHUB: VHN-87851 // 
            
            
            
            BID: 89859 // 
            
            
            
            JVNDB: JVNDB-2016-002774 // 
            
            
            
            CNNVD: CNNVD-201605-130 // 
            
            
            
            NVD: CVE-2016-0341

CREDITS
IBM
Trust: 0.3
sources:
            
            
            BID: 89859

SOURCES
db:CNVDid:CNVD-2016-02871
db:VULHUBid:VHN-87851
db:BIDid:89859
db:JVNDBid:JVNDB-2016-002774
db:CNNVDid:CNNVD-201605-130
db:NVDid:CVE-2016-0341

LAST UPDATE DATE
2024-11-23T22:52:40.906000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-02871date:2016-05-10T00:00:00
db:VULHUBid:VHN-87851date:2016-05-19T00:00:00
db:BIDid:89859date:2016-08-11T13:00:00
db:JVNDBid:JVNDB-2016-002774date:2016-05-23T00:00:00
db:CNNVDid:CNNVD-201605-130date:2016-05-16T00:00:00
db:NVDid:CVE-2016-0341date:2024-11-21T02:41:31.270

SOURCES RELEASE DATE
db:CNVDid:CNVD-2016-02871date:2016-05-10T00:00:00
db:VULHUBid:VHN-87851date:2016-05-15T00:00:00
db:BIDid:89859date:2016-05-02T00:00:00
db:JVNDBid:JVNDB-2016-002774date:2016-05-23T00:00:00
db:CNNVDid:CNNVD-201605-130date:2016-05-05T00:00:00
db:NVDid:CVE-2016-0341date:2016-05-15T01:59:00.160