Details of VAR-201804-0276

ID

VAR-201804-0276

CVE

CVE-2014-0912

TITLE

IBM Sterling B2B Integrator and IBM Sterling File Gateway Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2014-008595

DESCRIPTION

IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote attackers to obtain sensitive product information via vectors related to an error page. IBM X-Force ID: 92072. Vendors have confirmed this vulnerability IBM X-Force ID: 92072 It is released as.Information may be obtained. IBM Sterling File Gateway is a set of file transfer software that integrates different file transfer methods and can realize secure interaction through the network. A remote attacker could exploit this vulnerability to obtain sensitive product information by sending a specially crafted URL request

Trust: 1.71

sources: NVD: CVE-2014-0912 // JVNDB: JVNDB-2014-008595 // VULHUB: VHN-68405

AFFECTED PRODUCTS

vendor:	ibm	model:	sterling b2b integrator	scope:	eq	version:	5.1	Trust: 2.4
vendor:	ibm	model:	sterling b2b integrator	scope:	eq	version:	5.2	Trust: 2.4
vendor:	ibm	model:	sterling file gateway	scope:	eq	version:	2.1	Trust: 2.4
vendor:	ibm	model:	sterling file gateway	scope:	eq	version:	2.2	Trust: 2.4

sources: JVNDB: JVNDB-2014-008595 // CNNVD: CNNVD-201804-1313 // NVD: CVE-2014-0912

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-0912
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-0912
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201804-1313
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-68405
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-0912
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-68405
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2014-0912
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-68405 // JVNDB: JVNDB-2014-008595 // CNNVD: CNNVD-201804-1313 // NVD: CVE-2014-0912

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-68405 // JVNDB: JVNDB-2014-008595 // NVD: CVE-2014-0912

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201804-1313

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201804-1313

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-008595

PATCH

title:	1674739	url:	http://www-01.ibm.com/support/docview.wss?uid=swg21674739	Trust: 0.8
title:	ibm-sterling-cve20140912-info-disc (92072)	url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/92072	Trust: 0.8
title:	IBM Sterling B2B Integrator and IBM Sterling File Gateway Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79607	Trust: 0.6

sources: JVNDB: JVNDB-2014-008595 // CNNVD: CNNVD-201804-1313

EXTERNAL IDS

db:	NVD	id:	CVE-2014-0912	Trust: 2.5
db:	JVNDB	id:	JVNDB-2014-008595	Trust: 0.8
db:	CNNVD	id:	CNNVD-201804-1313	Trust: 0.7
db:	VULHUB	id:	VHN-68405	Trust: 0.1

sources: VULHUB: VHN-68405 // JVNDB: JVNDB-2014-008595 // CNNVD: CNNVD-201804-1313 // NVD: CVE-2014-0912

REFERENCES

url:	http://www-01.ibm.com/support/docview.wss?uid=swg21674739	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/92072	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0912	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0912	Trust: 0.8

sources: VULHUB: VHN-68405 // JVNDB: JVNDB-2014-008595 // CNNVD: CNNVD-201804-1313 // NVD: CVE-2014-0912

SOURCES

db:	VULHUB	id:	VHN-68405
db:	JVNDB	id:	JVNDB-2014-008595
db:	CNNVD	id:	CNNVD-201804-1313
db:	NVD	id:	CVE-2014-0912

LAST UPDATE DATE

2024-11-23T22:38:14.390000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-68405	date:	2018-05-22T00:00:00
db:	JVNDB	id:	JVNDB-2014-008595	date:	2018-06-14T00:00:00
db:	CNNVD	id:	CNNVD-201804-1313	date:	2018-04-23T00:00:00
db:	NVD	id:	CVE-2014-0912	date:	2024-11-21T02:03:01.717

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-68405	date:	2018-04-20T00:00:00
db:	JVNDB	id:	JVNDB-2014-008595	date:	2018-06-14T00:00:00
db:	CNNVD	id:	CNNVD-201804-1313	date:	2018-04-23T00:00:00
db:	NVD	id:	CVE-2014-0912	date:	2018-04-20T21:29:00.330