CVE-2019-4222

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 could allow an authenticated user to view process definition of a business process without permission. IBM X-Force ID: 159231.

Weakness

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Affected Software

Name	Vendor	Start Version	End Version
Sterling_b2b_integrator	Ibm	6.0.0.0 (including)	6.0.0.0 (including)
Sterling_b2b_integrator	Ibm	6.0.0.1 (including)	6.0.0.1 (including)

Potential Mitigations

https://cwe.mitre.org/data/definitions/122.html
https://cwe.mitre.org/data/definitions/233.html
https://cwe.mitre.org/data/definitions/58.html

References

http://www.securityfocus.com/bid/108110
https://exchange.xforce.ibmcloud.com/vulnerabilities/159231
https://www.ibm.com/support/docview.wss?uid=ibm10880595
http://www.securityfocus.com/bid/108110
https://exchange.xforce.ibmcloud.com/vulnerabilities/159231
https://www.ibm.com/support/docview.wss?uid=ibm10880595

NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-4222
CWE	https://cwe.mitre.org/data/definitions/269.html

Improper Privilege Management

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References