ID

VAR-201807-0415


CVE

CVE-2018-1563


TITLE

Cross-site scripting vulnerability in IBM Sterling B2B Integrator Standard Edition

Trust: 0.8

sources: JVNDB: JVNDB-2018-008160

DESCRIPTION

IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142967. Vendors have released this vulnerability as IBM X-Force ID: 142967. Information may be obtained and information may be altered. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. The software supports secure integration of complex B2B processes with diverse partner communities.

Trust: 1.98

sources: NVD: CVE-2018-1563 // JVNDB: JVNDB-2018-008160 // BID: 104910 // VULHUB: VHN-125908

AFFECTED PRODUCTS

vendor: ibm // model: sterling b2b integrator // scope: lte // version: 5.2.6.3

Trust: 1.0

vendor: ibm // model: sterling file gateway // scope: lte // version: 2.2.6

Trust: 1.0

vendor: ibm // model: sterling file gateway // scope: gte // version: 2.2.0

Trust: 1.0

vendor: ibm // model: sterling b2b integrator // scope: gte // version: 5.2.0.1

Trust: 1.0

vendor: ibm // model: sterling b2b integrator // scope: - // version: -

Trust: 0.8

vendor: ibm // model: sterling file gateway // scope: eq // version: 2.2.0 to 2.2.6

Trust: 0.8

vendor: ibm // model: sterling b2b integrator // scope: eq // version: 5.2.6

Trust: 0.3

vendor: ibm // model: sterling b2b integrator // scope: eq // version: 5.2.41

Trust: 0.3

vendor: ibm // model: sterling b2b integrator // scope: eq // version: 5.2.4

Trust: 0.3

vendor: ibm // model: sterling b2b integrator // scope: eq // version: 5.2.3

Trust: 0.3

vendor: ibm // model: sterling b2b integrator // scope: eq // version: 5.2.2

Trust: 0.3

vendor: ibm // model: sterling b2b integrator // scope: eq // version: 5.2.1

Trust: 0.3

vendor: ibm // model: sterling b2b integrator // scope: eq // version: 5.2.6.3

Trust: 0.3

vendor: ibm // model: sterling b2b integrator // scope: eq // version: 5.2.5.0

Trust: 0.3

vendor: ibm // model: sterling b2b integrator // scope: eq // version: 5.2.4.2

Trust: 0.3

vendor: ibm // model: sterling b2b integrator // scope: eq // version: 5.2.0.1

Trust: 0.3

vendor: ibm // model: sterling b2b integrator // scope: eq // version: 5.2

Trust: 0.3

sources: BID: 104910 // JVNDB: JVNDB-2018-008160 // NVD: CVE-2018-1563

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-1563
value: MEDIUM

Trust: 1.0

psirt@us.ibm.com: CVE-2018-1563
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-1563
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201807-1691
value: MEDIUM

Trust: 0.6

VULHUB: VHN-125908
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-1563
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-125908
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-1563
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-125908 // JVNDB: JVNDB-2018-008160 // CNNVD: CNNVD-201807-1691 // NVD: CVE-2018-1563 // NVD: CVE-2018-1563

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-125908 // JVNDB: JVNDB-2018-008160 // NVD: CVE-2018-1563

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-1691

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201807-1691

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-008160

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-125908

PATCH

title: 0717031 // url: http://www.ibm.com/support/docview.wss?uid=ibm10717031

Trust: 0.8

title: ibm-sterling-cve20181563-xss // url: https://exchange.xforce.ibmcloud.com/vulnerabilities/142967

Trust: 0.8

title: IBM Sterling B2B Integrator Fixes for cross-site scripting vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82534

Trust: 0.6

sources: JVNDB: JVNDB-2018-008160 // CNNVD: CNNVD-201807-1691

EXTERNAL IDS

db: NVD // id: CVE-2018-1563

Trust: 2.8

db: BID // id: 104910

Trust: 2.0

db: EXPLOIT-DB // id: 45190

Trust: 1.7

db: JVNDB // id: JVNDB-2018-008160

Trust: 0.8

db: CNNVD // id: CNNVD-201807-1691

Trust: 0.7

db: VULHUB // id: VHN-125908

Trust: 0.1

sources: VULHUB: VHN-125908 // BID: 104910 // JVNDB: JVNDB-2018-008160 // CNNVD: CNNVD-201807-1691 // NVD: CVE-2018-1563

REFERENCES

url:http://www.securityfocus.com/bid/104910

Trust: 1.7

url:http://www.ibm.com/support/docview.wss?uid=ibm10717031

Trust: 1.7

url:https://www.exploit-db.com/exploits/45190/

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/142967

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1563

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-1563

Trust: 0.8

url:http://www.ibm.com/

Trust: 0.3

url:http://www-01.ibm.com/software/commerce/b2b/products/b2b-integrator/

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=ibm10717031

Trust: 0.3

sources: VULHUB: VHN-125908 // BID: 104910 // JVNDB: JVNDB-2018-008160 // CNNVD: CNNVD-201807-1691 // NVD: CVE-2018-1563

CREDITS

Vikas Khanna and IBM.

Trust: 0.3

sources: BID: 104910

SOURCES

db: VULHUB // id: VHN-125908
db: BID // id: 104910
db: JVNDB // id: JVNDB-2018-008160
db: CNNVD // id: CNNVD-201807-1691
db: NVD // id: CVE-2018-1563

LAST UPDATE DATE

2024-11-23T22:17:26.886000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-125908 // date: 2019-10-09T00:00:00
db: BID // id: 104910 // date: 2018-07-26T00:00:00
db: JVNDB // id: JVNDB-2018-008160 // date: 2018-10-10T00:00:00
db: CNNVD // id: CNNVD-201807-1691 // date: 2019-10-17T00:00:00
db: NVD // id: CVE-2018-1563 // date: 2024-11-21T04:00:01.400

SOURCES RELEASE DATE

db: VULHUB // id: VHN-125908 // date: 2018-07-20T00:00:00
db: BID // id: 104910 // date: 2018-07-26T00:00:00
db: JVNDB // id: JVNDB-2018-008160 // date: 2018-10-10T00:00:00
db: CNNVD // id: CNNVD-201807-1691 // date: 2018-07-23T00:00:00
db: NVD // id: CVE-2018-1563 // date: 2018-07-20T16:29:00.620