mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 17:21:36 +00:00
141 lines
4.3 KiB
JSON
141 lines
4.3 KiB
JSON
{
|
|
"id": "CVE-2015-7445",
|
|
"sourceIdentifier": "psirt@us.ibm.com",
|
|
"published": "2016-01-01T05:59:07.690",
|
|
"lastModified": "2016-11-28T19:43:16.217",
|
|
"vulnStatus": "Modified",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "IBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B Advanced Communications 1.x before 1.0.0.4, when guest access is configured, allow remote authenticated users to obtain sensitive information by reading error messages in responses."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "IBM Multi-Enterprise Integration Gateway 1.0 hasta la versi\u00f3n 1.0.0.1 y B2B Advanced Communications 1.x en versiones anteriores a 1.0.0.4, cuando se configura el acceso de invitado, permite a usuarios remotos autenticados obtener informaci\u00f3n sensible leyendo mensajes de error en respuestas."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV30": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.0",
|
|
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "LOW",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "LOW",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 4.3,
|
|
"baseSeverity": "MEDIUM"
|
|
},
|
|
"exploitabilityScore": 2.8,
|
|
"impactScore": 1.4
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "MEDIUM",
|
|
"authentication": "SINGLE",
|
|
"confidentialityImpact": "PARTIAL",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 3.5
|
|
},
|
|
"baseSeverity": "LOW",
|
|
"exploitabilityScore": 6.8,
|
|
"impactScore": 2.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-200"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:b2b_advanced_communications:1.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "EA082C4C-E3D4-436E-A6CC-58B0F05BEAF3"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:b2b_advanced_communications:1.0.0.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "DB28631D-6863-4793-84A3-0586A3EB211A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:b2b_advanced_communications:1.0.0.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "75253E16-967B-43FB-8D4B-69A5F136183C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:b2b_advanced_communications:1.0.0.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "8D4BA396-C20E-4B29-8C0C-035B0AEF2099"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:ibm:multi-enterprise_integration_gateway:1.0.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "74C974C2-6873-4BF3-8687-3D7C8B026B9C"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT12573",
|
|
"source": "psirt@us.ibm.com"
|
|
},
|
|
{
|
|
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972480",
|
|
"source": "psirt@us.ibm.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/bid/79681",
|
|
"source": "psirt@us.ibm.com"
|
|
}
|
|
]
|
|
} |