Main Vulnerability Database Vulnerabilities #VU95170

Improper Restriction of Rendered UI Layers or Frames in IBM Sterling B2B Integrator - CVE-2023-42011

Published: August 2, 2024

Vulnerability identifier: #VU95170

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2023-42011

CWE-ID: CWE-1021

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: IBM Corporation

Affected software:
IBM Sterling B2B Integrator

Detailed vulnerability description

The vulnerability allows a remote user to modify data on the system.

The vulnerability exists due to IBM Sterling B2B Integrator Standard Edition does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain. A remote user can trigger the vulnerability and modify data on the system.

How to mitigate CVE-2023-42011

Install updates from vendor's website.

Sources

https://www.ibm.com/support/pages/node/7158657
https://exchange.xforce.ibmcloud.com/vulnerabilities/265508

Improper Restriction of Rendered UI Layers or Frames in IBM Sterling B2B Integrator - CVE-2023-42011

Detailed vulnerability description

How to mitigate CVE-2023-42011

Sources

Please verify you're human