CVE-2021-20562
Published on: 07/27/2021 12:00:00 AM UTC
Last Modified on: 11/28/2021 11:13:00 PM UTC
Certain versions of Hp-ux from Hp contain the following vulnerability:
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_3 and 6.1.0.0 through 6.1.0.2 vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199232.
- CVE-2021-20562 has been assigned by
[email protected] to track the vulnerability - currently rated as MEDIUM severity.
- Affected Vendor/Software:
IBM - Sterling B2B Integrator version 5.2.0.0
- Affected Vendor/Software:
IBM - Sterling B2B Integrator version 6.1.0.0
- Affected Vendor/Software:
IBM - Sterling B2B Integrator version 6.1.0.2
- Affected Vendor/Software:
IBM - Sterling B2B Integrator version 5.2.6.5_3
CVSS3 Score: 5.4 - MEDIUM
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
---|---|---|---|
NETWORK | LOW | LOW | REQUIRED |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
CHANGED | LOW | LOW | NONE |
CVSS2 Score: 3.5 - LOW
Access Vector ⓘ |
Access Complexity |
Authentication |
---|---|---|
NETWORK | MEDIUM | SINGLE |
Confidentiality Impact |
Integrity Impact |
Availability Impact |
NONE | PARTIAL | NONE |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
IBM X-Force Exchange | exchange.xforce.ibmcloud.com text/html |
![]() |
Full Disclosure: SEC Consult SA-20211104-0 :: Reflected cross-site scripting vulnerability in IBM Sterling B2B Integrator | seclists.org text/html |
![]() |
IBM Sterling B2B Integrator Cross Site Scripting ≈ Packet Storm | packetstormsecurity.com text/html |
![]() |
Security Bulletin: XSS Security Vulnerabilty Affects Mailbox UI of IBM Sterling B2B Integrator (CVE-2021-20562) | www.ibm.com text/html |
![]() |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Operating System | Hp | Hp-ux | - | All | All | All |
Operating System | Ibm | Aix | - | All | All | All |
Operating System | Ibm | I | - | All | All | All |
Application | Ibm | Sterling B2b Integrator | All | All | All | All |
Application | Ibm | Sterling B2b Integrator | All | All | All | All |
Operating System | Linux | Linux Kernel | - | All | All | All |
Operating System | Microsoft | Windows | - | All | All | All |
Operating System | Oracle | Solaris | - | All | All | All |
- cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*:
- cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*:
- cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*:
- cpe:2.3:a:ibm:sterling_b2b_integrator:*:*:*:*:standard:*:*:*:
- cpe:2.3:a:ibm:sterling_b2b_integrator:*:*:*:*:standard:*:*:*:
- cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*:
- cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*:
- cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*:
No vendor comments have been submitted for this CVE
Social Mentions
Source | Title | Posted (UTC) |
---|---|---|
![]() |
CVE-2021-20562 : #IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_3 and 6.1.0.0 through 6.1.0… twitter.com/i/web/status/1… | 2021-07-27 11:31:04 |