{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-40232","assignerOrgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","state":"PUBLISHED","assignerShortName":"ibm","dateReserved":"2022-09-08T15:59:19.269Z","datePublished":"2023-02-17T17:44:47.900Z","dateUpdated":"2025-03-12T20:00:58.149Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Sterling B2B Integrator Standard Edition","vendor":"IBM","versions":[{"lessThan":"6.1.1.1","status":"affected","version":"6.1.0.0","versionType":"semver"},{"status":"affected","version":"6.1.2.0"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"\n\n<span style=\"background-color: rgb(204, 217, 226);\">IBM Sterling B2B Integrator Standard Edition 6.1.0.0 through 6.1.1.1, and 6.1.2.0 could allow an authenticated user to perform actions they should not have access to due to improper permission controls. IBM X-Force ID: 235597.</span>\n\n"}],"value":"\nIBM Sterling B2B Integrator Standard Edition 6.1.0.0 through 6.1.1.1, and 6.1.2.0 could allow an authenticated user to perform actions they should not have access to due to improper permission controls. IBM X-Force ID: 235597.\n\n"}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":6.3,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"description":"284 Improper Access Control","lang":"en"}]}],"providerMetadata":{"orgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","shortName":"ibm","dateUpdated":"2023-02-17T17:44:47.900Z"},"references":[{"tags":["vendor-advisory"],"url":"https://www.ibm.com/support/pages/node/6954465"},{"tags":["vdb-entry"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/235597"}],"source":{"discovery":"UNKNOWN"},"title":"IBM Sterling B2B Integrator Standard Edition improper access control","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T12:14:40.016Z"},"title":"CVE Program Container","references":[{"tags":["vendor-advisory","x_transferred"],"url":"https://www.ibm.com/support/pages/node/6954465"},{"tags":["vdb-entry","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/235597"}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-03-12T20:00:46.857008Z","id":"CVE-2022-40232","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-03-12T20:00:58.149Z"}}]}}