CVE-2015-7445 Information

Description

IBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B Advanced Communications 1.x before 1.0.0.4 when guest access is configured allow remote authenticated users to obtain sensitive information by reading error messages in responses.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Reference

http://www.securityfocus.com/bid/79681 http://www-01.ibm.com/support/docview.wss?uid=swg1IT12573 http://www-01.ibm.com/support/docview.wss?uid=swg21972480

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

NONE

Base Score

NONE

Base Severity

4.3