Details of VAR-201807-0189

ID

VAR-201807-0189

CVE

CVE-2017-1544

TITLE

IBM Sterling B2B Integrator Standard Edition Vulnerabilities related to certificate and password management

Trust: 0.8

sources: JVNDB: JVNDB-2018-008162

DESCRIPTION

IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) caches usernames and passwords in browsers that could be used by a local attacker to obtain sensitive information. IBM X-Force ID: 130812. Vendors have confirmed this vulnerability IBM X-Force ID: 130812 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. An attacker can exploit these issues to gain access to sensitive information. Information obtained may aid in other attacks. The software consolidates different centers of file transfer activity and facilitates the secure exchange of file-based data over the Internet

Trust: 1.98

sources: NVD: CVE-2017-1544 // JVNDB: JVNDB-2018-008162 // BID: 104885 // VULHUB: VHN-106262

AFFECTED PRODUCTS

vendor:	ibm	model:	sterling file gateway	scope:	lte	version:	2.2.6	Trust: 1.0
vendor:	ibm	model:	sterling file gateway	scope:	gte	version:	2.2.0	Trust: 1.0
vendor:	ibm	model:	sterling file gateway	scope:	eq	version:	2.2.0 to 2.2.6	Trust: 0.8
vendor:	ibm	model:	sterling file gateway	scope:	eq	version:	2.2.6	Trust: 0.3
vendor:	ibm	model:	sterling file gateway	scope:	eq	version:	2.2.5	Trust: 0.3
vendor:	ibm	model:	sterling file gateway	scope:	eq	version:	2.2	Trust: 0.3

sources: BID: 104885 // JVNDB: JVNDB-2018-008162 // NVD: CVE-2017-1544

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-1544
value:	HIGH
Trust: 1.0
psirt@us.ibm.com:	CVE-2017-1544
value:	LOW
Trust: 1.0
NVD:	CVE-2017-1544
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201807-1698
value:	HIGH
Trust: 0.6
VULHUB:	VHN-106262
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2017-1544
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-106262
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-1544
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8
psirt@us.ibm.com:	CVE-2017-1544
baseSeverity:	LOW
baseScore:	2.4
vectorString:	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	0.9
impactScore:	1.4
version:	3.0
Trust: 1.0

sources: VULHUB: VHN-106262 // JVNDB: JVNDB-2018-008162 // CNNVD: CNNVD-201807-1698 // NVD: CVE-2017-1544 // NVD: CVE-2017-1544

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.1
problemtype:	CWE-255	Trust: 0.9

sources: VULHUB: VHN-106262 // JVNDB: JVNDB-2018-008162 // NVD: CVE-2017-1544

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201807-1698

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201807-1698

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-008162

PATCH

title:	0716997	url:	https://www-01.ibm.com/support/docview.wss?uid=ibm10716997	Trust: 0.8
title:	ibm-sterling-cve20171544-info-disc (130812)	url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/130812	Trust: 0.8
title:	IBM Sterling File Gateway Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82539	Trust: 0.6

sources: JVNDB: JVNDB-2018-008162 // CNNVD: CNNVD-201807-1698

EXTERNAL IDS

db:	NVD	id:	CVE-2017-1544	Trust: 2.8
db:	BID	id:	104885	Trust: 2.0
db:	JVNDB	id:	JVNDB-2018-008162	Trust: 0.8
db:	CNNVD	id:	CNNVD-201807-1698	Trust: 0.7
db:	VULHUB	id:	VHN-106262	Trust: 0.1

sources: VULHUB: VHN-106262 // BID: 104885 // JVNDB: JVNDB-2018-008162 // CNNVD: CNNVD-201807-1698 // NVD: CVE-2017-1544

REFERENCES

url:	http://www.securityfocus.com/bid/104885	Trust: 1.7
url:	http://www.ibm.com/support/docview.wss?uid=ibm10716997	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/130812	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-1544	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-1544	Trust: 0.8
url:	http://www.ibm.com/	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=ibm10716997	Trust: 0.3

sources: VULHUB: VHN-106262 // BID: 104885 // JVNDB: JVNDB-2018-008162 // CNNVD: CNNVD-201807-1698 // NVD: CVE-2017-1544

CREDITS

IBM

Trust: 0.3

sources: BID: 104885

SOURCES

db:	VULHUB	id:	VHN-106262
db:	BID	id:	104885
db:	JVNDB	id:	JVNDB-2018-008162
db:	CNNVD	id:	CNNVD-201807-1698
db:	NVD	id:	CVE-2017-1544

LAST UPDATE DATE

2024-11-23T22:34:14.845000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-106262	date:	2019-10-09T00:00:00
db:	BID	id:	104885	date:	2018-07-17T00:00:00
db:	JVNDB	id:	JVNDB-2018-008162	date:	2018-10-10T00:00:00
db:	CNNVD	id:	CNNVD-201807-1698	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2017-1544	date:	2024-11-21T03:22:02.997

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-106262	date:	2018-07-20T00:00:00
db:	BID	id:	104885	date:	2018-07-17T00:00:00
db:	JVNDB	id:	JVNDB-2018-008162	date:	2018-10-10T00:00:00
db:	CNNVD	id:	CNNVD-201807-1698	date:	2018-07-23T00:00:00
db:	NVD	id:	CVE-2017-1544	date:	2018-07-20T16:29:00.260