IBM
CVE-2024-52905
LOW
Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 could disclose sensitive database information to a privileged user.
AnalysisAI
IBM Sterling B2B Integrator versions 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 contain an information disclosure flaw that could allow users with elevated privileges to access sensitive database information they shouldn't normally be able to see. This affects organizations using these specific versions of the software. An attacker with administrative or privileged access could exploit this to view confidential data stored in the database.
Technical ContextAI
affects IBM Sterling B2B Integrator Standard Edition 6.0.0.0. IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 could disclose sensitive database information to a privileged user.
Affected ProductsAI
Product: IBM Sterling B2B Integrator Standard Edition 6.0.0.0. Versions: up to 6.1.2.6.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today