CVE-2016-0341

EUVD-2016-0376
IBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 through 1.0.0.4 do not require HTTPS, which might allow remote attackers to obtain sensitive information by sniffing the network.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 49%
Affected Products (NVD)
VendorProductVersion
ibmb2b_advanced_communications
1.0
ibmb2b_advanced_communications
1.0.0.1
ibmb2b_advanced_communications
1.0.0.2
ibmb2b_advanced_communications
1.0.0.3
ibmmulti-enterprise_integration_gateway
1.0.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?uid=swg1IT14835
http://www-01.ibm.com/support/docview.wss?uid=swg21981462
http://www-01.ibm.com/support/docview.wss?uid=swg1IT14835
http://www-01.ibm.com/support/docview.wss?uid=swg21981462