CVE-2014-0927

The ActiveMQ admin user interface in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote attackers to bypass authentication by leveraging knowledge of the port number and webapp path. IBM X-Force ID: 92259.

Published: Apr 20, 2018
Updated: Apr 13, 2023
CVE: CVE-2014-0927
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.1
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
ibm / sterling_b2b_integrator	5.2	5.2.x
ibm / sterling_b2b_integrator	5.1	5.1.x
ibm / sterling_file_gateway	2.1	2.1.x
ibm / sterling_file_gateway	2.2	2.2.x

http://www-01.ibm.com/support/docview.wss?uid=swg21674739
https://exchange.xforce.ibmcloud.com/vulnerabilities/92259

Vulnerability Database

289,697

CVE-2014-0927