Sign-up

ID

VAR-201601-0390


CVE

CVE-2015-7445


TITLE

IBM B2B Advanced Communications Information Disclosure Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2015-08553 // CNNVD: CNNVD-201512-607

DESCRIPTION

IBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B Advanced Communications 1.x before 1.0.0.4, when guest access is configured, allow remote authenticated users to obtain sensitive information by reading error messages in responses. IBM B2B Advanced Communication is a communications gateway product from IBM Corporation of the United States. An information disclosure vulnerability exists in IBM B2B Advanced Communications versions 1.0.0.2 and 1.0.0.3. The following products and versions are affected: IBM Multi-Enterprise Integration Gateway version 1.0 to version 1.0.0.1

Trust: 2.52

sources: NVD: CVE-2015-7445 // JVNDB: JVNDB-2015-006658 // CNVD: CNVD-2015-08553 // BID: 79681 // VULHUB: VHN-85406

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-08553

AFFECTED PRODUCTS

vendor:ibmmodel:b2b advanced communicationsscope:eqversion:1.0.0.3

Trust: 1.9

vendor:ibmmodel:b2b advanced communicationsscope:eqversion:1.0.0.2

Trust: 1.9

vendor:ibmmodel:b2b advanced communicationsscope:eqversion:1.0.0.1

Trust: 1.6

vendor:ibmmodel:multi-enterprise integration gatewayscope:eqversion:1.0.0

Trust: 1.6

vendor:ibmmodel:b2b advanced communicationsscope:eqversion:1.0

Trust: 1.6

vendor:ibmmodel:b2b advanced communicationsscope:eqversion:1.0.0.4

Trust: 0.8

vendor:ibmmodel:multi-enterprise integration gatewayscope:eqversion:1.0.0.1 for up to 1.0

Trust: 0.8

vendor:ibmmodel:b2b advanced communicationsscope:ltversion:1.x

Trust: 0.8

vendor:ibmmodel:b2b advanced communicationsscope:eqversion:1.0.0.2-1.0.0.3

Trust: 0.6

vendor:ibmmodel:multi-enterprise integration gatewayscope:eqversion:1.0.0.1

Trust: 0.3

vendor:ibmmodel:multi-enterprise integration gatewayscope:eqversion:1.0

Trust: 0.3

vendor:ibmmodel:b2b advanced communicationsscope:neversion:1.0.0.4

Trust: 0.3

sources: CNVD: CNVD-2015-08553 // BID: 79681 // JVNDB: JVNDB-2015-006658 // CNNVD: CNNVD-201512-607 // NVD: CVE-2015-7445

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-7445
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-7445
value: LOW

Trust: 0.8

CNVD: CNVD-2015-08553
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201512-607
value: LOW

Trust: 0.6

VULHUB: VHN-85406
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2015-7445
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-08553
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-85406
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-7445
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.0

Trust: 1.0

sources: CNVD: CNVD-2015-08553 // VULHUB: VHN-85406 // JVNDB: JVNDB-2015-006658 // CNNVD: CNNVD-201512-607 // NVD: CVE-2015-7445

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-85406 // JVNDB: JVNDB-2015-006658 // NVD: CVE-2015-7445

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201512-607

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201512-607

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-006658

PATCH
title:1972480url:http://www-01.ibm.com/support/docview.wss?uid=swg21972480
Trust: 0.8
title:IBM B2B Advanced Communications Information Disclosure Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/69403
Trust: 0.6
title:IBM B2B Advanced Communications Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59358
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2015-08553 // 
            
            
            
            JVNDB: JVNDB-2015-006658 // 
            
            
            
            CNNVD: CNNVD-201512-607

EXTERNAL IDS
db:NVDid:CVE-2015-7445
Trust: 3.4
db:BIDid:79681
Trust: 2.6
db:JVNDBid:JVNDB-2015-006658
Trust: 0.8
db:CNNVDid:CNNVD-201512-607
Trust: 0.7
db:CNVDid:CNVD-2015-08553
Trust: 0.6
db:VULHUBid:VHN-85406
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-08553 // 
            
            
            
            VULHUB: VHN-85406 // 
            
            
            
            BID: 79681 // 
            
            
            
            JVNDB: JVNDB-2015-006658 // 
            
            
            
            CNNVD: CNNVD-201512-607 // 
            
            
            
            NVD: CVE-2015-7445

REFERENCES
url:http://www.securityfocus.com/bid/79681
Trust: 2.3
url:http://www-01.ibm.com/support/docview.wss?uid=swg21972480
Trust: 2.0
url:http://www-01.ibm.com/support/docview.wss?uid=swg1it12573
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7445
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7445
Trust: 0.8
url:http://www.ibm.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2015-08553 // 
            
            
            
            VULHUB: VHN-85406 // 
            
            
            
            BID: 79681 // 
            
            
            
            JVNDB: JVNDB-2015-006658 // 
            
            
            
            CNNVD: CNNVD-201512-607 // 
            
            
            
            NVD: CVE-2015-7445

CREDITS
IBM
Trust: 0.9
sources:
            
            
            BID: 79681 // 
            
            
            
            CNNVD: CNNVD-201512-607

SOURCES
db:CNVDid:CNVD-2015-08553
db:VULHUBid:VHN-85406
db:BIDid:79681
db:JVNDBid:JVNDB-2015-006658
db:CNNVDid:CNNVD-201512-607
db:NVDid:CVE-2015-7445

LAST UPDATE DATE
2025-04-13T23:39:36.348000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2015-08553date:2015-12-31T00:00:00
db:VULHUBid:VHN-85406date:2016-11-28T00:00:00
db:BIDid:79681date:2015-12-21T00:00:00
db:JVNDBid:JVNDB-2015-006658date:2016-01-08T00:00:00
db:CNNVDid:CNNVD-201512-607date:2015-12-28T00:00:00
db:NVDid:CVE-2015-7445date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:CNVDid:CNVD-2015-08553date:2015-12-31T00:00:00
db:VULHUBid:VHN-85406date:2016-01-01T00:00:00
db:BIDid:79681date:2015-12-21T00:00:00
db:JVNDBid:JVNDB-2015-006658date:2016-01-08T00:00:00
db:CNNVDid:CNNVD-201512-607date:2015-12-28T00:00:00
db:NVDid:CVE-2015-7445date:2016-01-01T05:59:07.690