Allele Security Alert
ASA-2019-00247
Identifier(s)
ASA-2019-00247, CVE-2019-4077
Title
Multiple Cross-Site Scripting (XSS) Vulnerabilities
Vendor(s)
IBM
Product(s)
IBM Sterling B2B Integrator Standard Edition
Affected version(s)
IBM Sterling B2B Integrator versions 6.0.0.0 and 6.0.0.1
Fixed version(s)
IBM Sterling B2B Integrator version 6.0.1.0
Proof of concept
Unknown
Description
IBM Sterling B2B Integrator Standard Edition is vulnerable to Cross-Site Scripting (XSS). This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Technical details
Unknown
Credits
Unknown
Reference(s)
Security Bulletin: Multiple Cross-Site Scripting Vulnerabilities Affect IBM Sterling B2B Integrator
https://www-01.ibm.com/support/docview.wss?uid=ibm10880591
IBM Sterling B2B Integrator cross-site scripting
https://exchange.xforce.ibmcloud.com/vulnerabilities/157111
CVE-2019-4077
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4077
CVE-2019-4077
https://nvd.nist.gov/vuln/detail/CVE-2019-4077
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: May 3, 2019