CVE-2016-6020

Summary

IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.

Affected Software

VendorProductVersion RangeStatus
IBM CorporationSterling B2B Integrator5.1affected
IBM CorporationSterling B2B Integrator5.2affected
IBM CorporationSterling B2B Integrator4.3affected
IBM CorporationSterling B2B Integrator5.0affected
IBM CorporationSterling B2B Integrator5.2.4affected
IBM CorporationSterling B2B Integrator-affected
IBM CorporationSterling B2B Integrator5.2.1affected
IBM CorporationSterling B2B Integrator5.2.2affected
IBM CorporationSterling B2B Integrator5.2.3affected
IBM CorporationSterling B2B Integrator5.2.4.1affected
IBM CorporationSterling B2B Integrator5.2.4.2affected
IBM CorporationSterling B2B Integrator5.2.5affected
IBM CorporationSterling B2B Integrator5.2.6affected

Weaknesses

  • Gain Access

ADP Enrichment

CVE Program Container

Additional References

References