CVE-2015-7445

IBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B Advanced Communications 1.x before 1.0.0.4, when guest access is configured, allow remote authenticated users to obtain sensitive information by reading error messages in responses.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
ibmb2b_advanced_communications
1.0
ibmb2b_advanced_communications
1.0.0.1
ibmb2b_advanced_communications
1.0.0.2
ibmb2b_advanced_communications
1.0.0.3
ibmmulti-enterprise_integration_gateway
1.0.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?uid=swg1IT12573
http://www-01.ibm.com/support/docview.wss?uid=swg21972480
http://www.securityfocus.com/bid/79681
http://www-01.ibm.com/support/docview.wss?uid=swg1IT12573
http://www-01.ibm.com/support/docview.wss?uid=swg21972480
http://www.securityfocus.com/bid/79681