Improper restriction of rendered UI layers or frames in IBM Sterling B2B Integrator
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2023-42011 |
| CWE-ID | CWE-1021 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
IBM Sterling B2B Integrator Server applications / Other server solutions |
| Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Improper Restriction of Rendered UI Layers or Frames
EUVDB-ID: #VU95170
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-42011
CWE-ID:
CWE-1021 - Improper Restriction of Rendered UI Layers or Frames
Exploit availability: No
DescriptionThe vulnerability allows a remote user to modify data on the system.
The vulnerability exists due to IBM Sterling B2B Integrator Standard Edition does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain. A remote user can trigger the vulnerability and modify data on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Sterling B2B Integrator: 6.1 - 6.2
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_sterling_b2b_integrator:6.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_sterling_b2b_integrator:6.2:*:*:*:*:*:*:*
http://www.ibm.com/support/pages/node/7158657
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
