CVE-2024-45089

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition EBICS server could allow an authenticated user to obtain sensitive filename information due to an observable discrepancy.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7182063	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:sterling_b2b_integrator:::::standard:::*
	cpe:2.3:a:ibm:sterling_b2b_integrator:::::standard:::*

History

05 Mar 2025, 18:17

Type	Values Removed	Values Added
Summary		(es) El servidor IBM Sterling B2B Integrator 6.0.0.0 a 6.1.2.5 y 6.2.0.0 a 6.2.0.3 Standard Edition EBICS podría permitir que un usuario autenticado obtenga información confidencial sobre nombres de archivos debido a una discrepancia observable.
First Time		Ibm sterling B2b Integrator Ibm
References	~~() https://www.ibm.com/support/pages/node/7182063 -~~	() https://www.ibm.com/support/pages/node/7182063 - Vendor Advisory
CPE		cpe:2.3:a:ibm:sterling_b2b_integrator:::::standard:::*

31 Jan 2025, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-31 16:15

Updated : 2025-03-05 18:17

NVD link : CVE-2024-45089

Mitre link : CVE-2024-45089

CVE.ORG link : CVE-2024-45089

JSON object : View

Products Affected

ibm

sterling_b2b_integrator

CWE

CWE-203

Observable Discrepancy

4.3 /10