Main Vulnerability Database Vulnerabilities #VU95170

#VU95170 Improper Restriction of Rendered UI Layers or Frames in IBM Sterling B2B Integrator - CVE-2023-42011

Published: August 2, 2024

Vulnerability identifier: #VU95170

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2023-42011

CWE-ID: CWE-1021

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
IBM Sterling B2B Integrator

Software vendor:
IBM Corporation

Description

The vulnerability allows a remote user to modify data on the system.

The vulnerability exists due to IBM Sterling B2B Integrator Standard Edition does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain. A remote user can trigger the vulnerability and modify data on the system.

Remediation

Install updates from vendor's website.

External links

https://www.ibm.com/support/pages/node/7158657
https://exchange.xforce.ibmcloud.com/vulnerabilities/265508