CVE-2016-5890

low-risk

Published 2016-11-30

IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote authenticated users to change arbitrary passwords via unspecified vectors.

Do I need to act?

0.16% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.3/10 Medium

NETWORK / HIGH complexity

Affected Products (1)

Sterling B2B Integrator

Affected Vendors

Ibm

References (6)

Patch http://www-01.ibm.com/support/docview.wss?uid=swg1IT16043

Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg21989577

Third Party Advisory http://www.securityfocus.com/bid/94391

Patch http://www-01.ibm.com/support/docview.wss?uid=swg1IT16043

Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg21989577

Third Party Advisory http://www.securityfocus.com/bid/94391

/ 100

low-risk

Severity 17/34 · Moderate

Exploitability 1/34 · Minimal

Exposure 5/34 · Minimal