CVE-2015-5022 - OpenCVE

IBM Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 and 1.0.0.3 before 1.0.0.3_2, when access by guests is enabled, place an internal hostname and a payload path in a response, which allows remote authenticated users to obtain sensitive information by leveraging a trading-partner relationship and reading response fields.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	B2b Advanced Communications

Configuration 1 [-]

OR	cpe:2.3:a:ibm:b2b_advanced_communications:1.0.0.1:::::::*
	cpe:2.3:a:ibm:b2b_advanced_communications:1.0.0.2:::::::*
	cpe:2.3:a:ibm:b2b_advanced_communications:1.0.0.3:::::::*

No data.

References

Link	Providers
http://www-01.ibm.com/support/docview.wss?uid=swg1IT10702
http://www-01.ibm.com/support/docview.wss?uid=swg21967334

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2015-10-05T10:00:00

Updated: 2024-08-06T06:32:31.905Z

Reserved: 2015-06-24T00:00:00

Link: CVE-2015-5022

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2015-10-06T01:59:16.673

Modified: 2015-10-07T15:08:52.400

Link: CVE-2015-5022

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-09-24T00:00:00", "descriptions": [{"lang": "en", "value": "IBM Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 and 1.0.0.3 before 1.0.0.3_2, when access by guests is enabled, place an internal hostname and a payload path in a response, which allows remote authenticated users to obtain sensitive information by leveraging a trading-partner relationship and reading response fields."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-10-05T02:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"name": "IT10702", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT10702"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21967334"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2015-5022", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 and 1.0.0.3 before 1.0.0.3_2, when access by guests is enabled, place an internal hostname and a payload path in a response, which allows remote authenticated users to obtain sensitive information by leveraging a trading-partner relationship and reading response fields."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "IT10702", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT10702"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21967334", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21967334"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T06:32:31.905Z"}, "title": "CVE Program Container", "references": [{"name": "IT10702", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT10702"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21967334"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2015-5022", "datePublished": "2015-10-05T10:00:00", "dateReserved": "2015-06-24T00:00:00", "dateUpdated": "2024-08-06T06:32:31.905Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:b2b_advanced_communications:1.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "DB28631D-6863-4793-84A3-0586A3EB211A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:b2b_advanced_communications:1.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "75253E16-967B-43FB-8D4B-69A5F136183C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:b2b_advanced_communications:1.0.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "8D4BA396-C20E-4B29-8C0C-035B0AEF2099", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 and 1.0.0.3 before 1.0.0.3_2, when access by guests is enabled, place an internal hostname and a payload path in a response, which allows remote authenticated users to obtain sensitive information by leveraging a trading-partner relationship and reading response fields."}, {"lang": "es", "value": "IBM Multi-Enterprise Integration Gateway 1.x hasta la versi\u00f3n 1.0.0.1 y B2B Advanced Communications 1.0.0.2 y 1.0.0.3 en versiones anteriores a 1.0.0.3_2, cuando el acceso de invitados est\u00e1 habilitado, sit\u00faa un hostname interno y una ruta de payload en una respuesta, lo que permite a usuarios remotos autenticados obtener informaci\u00f3n sensible aprovechando una relaci\u00f3n trading-partner y leyendo campos de respuesta."}], "id": "CVE-2015-5022", "lastModified": "2015-10-07T15:08:52.400", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-10-06T01:59:16.673", "references": [{"source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT10702"}, {"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21967334"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}