CVE-2015-7445

EUVD-2015-7369
IBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B Advanced Communications 1.x before 1.0.0.4, when guest access is configured, allow remote authenticated users to obtain sensitive information by reading error messages in responses.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
Affected Products (NVD)
VendorProductVersion
ibmb2b_advanced_communications
1.0
ibmb2b_advanced_communications
1.0.0.1
ibmb2b_advanced_communications
1.0.0.2
ibmb2b_advanced_communications
1.0.0.3
ibmmulti-enterprise_integration_gateway
1.0.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?uid=swg1IT12573
http://www-01.ibm.com/support/docview.wss?uid=swg21972480
http://www.securityfocus.com/bid/79681
http://www-01.ibm.com/support/docview.wss?uid=swg1IT12573
http://www-01.ibm.com/support/docview.wss?uid=swg21972480
http://www.securityfocus.com/bid/79681