cvedb.io
CVE-2015-5022
UNKNOWN · CVSS n/a
EPSS exploitation probability: 0%
Published 2015-10-06T01:59:16.673 · Last modified 2026-06-17T00:28:20.243

Summary

IBM Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 and 1.0.0.3 before 1.0.0.3_2, when access by guests is enabled, place an internal hostname and a payload path in a response, which allows remote authenticated users to obtain sensitive information by leveraging a trading-partner relationship and reading response fields.

Affected products

ibm — b2b_advanced_communications

Does this affect you?

Add your gear to cvedb and we'll alert you only when ibm ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.