IBM Multi-Enterprise Integration Gateway 1.x up to and including 1.0.0.1 and B2B Advanced Communications 1.0.0.2 and 1.0.0.3 prior to 1.0.0.3_2, when access by guests is enabled, place an internal hostname and a payload path in a response, which allows remote authenticated users to obtain sensitive information by leveraging a trading-partner relationship and reading response fields.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ibm b2b advanced communications 1.0.0.1 |
||
ibm b2b advanced communications 1.0.0.2 |
||
ibm b2b advanced communications 1.0.0.3 |