
Rewterz Threat Advisory – Multiple IBM Products Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2022-43873 CVSS:6.3

An authenticated user can exploit a vulnerability in the IBM Spectrum Virtualize GUI to execute code and escalate their privilege on the system.

CVE-2022-43870 CVSS:6.5

IBM Spectrum Virtualize could disclose SNMPv3 server credentials in log files to an authenticated user.

CVE-2022-43578 CVSS:4.6

IBM Sterling B2B Integrator Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.

Impact

  • Privilege Escalation
  • Information Disclosure
  • Cross-Site Scripting

Indicators Of Compromise

CVE

  • CVE-2022-43873
  • CVE-2022-43870
  • CVE-2022-43578

Affected Vendors

IBM

Affected Products

  • IBM Spectrum Virtualize 8.4
  • IBM Spectrum Virtualize 8.3
  • IBM Spectrum Virtualize 8.2
  • IBM Spectrum Virtualize 8.5
  • IBM Sterling B2B Integrator 6.0.0.0
  • IBM Sterling B2B Integrator 6.1.0.0
  • IBM Sterling B2B Integrator 6.1.2.0
  • IBM Sterling B2B Integrator 6.0.3.7

Remediation

Refer to the IBM Security Bulletin for patch, upgrade, or suggested workaround information.

CVE-2022-43873

CVE-2022-43870

CVE-2022-43578