Severity
Medium
Analysis Summary
CVE-2022-22339 CVSS:6.5
IBM Planning Analytics 2.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
CVE-2020-4668 CVSS:4.3
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.3, and 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
Impact
- Gain Access
- Cross-Site Scripting
Indicator Of Compromise
CVE
- CVE-2022-22339
- CVE-2020-4668
Affected Vendors
IBM
Affected Products
- IBM Planning Analytics 2.0
- IBM Sterling B2B Integrator 6.0.0.0
- IBM Sterling B2B Integrator 6.1.0.0
- IBM Sterling B2B Integrator 6.1.0.3
- IBM Sterling B2B Integrator 6.1.1.0
Remediation
Refer to IBM Security Advisory for patch, upgrade or suggested workaround information.