Rewterz Threat Alert – Agent Tesla Malware – Active IOCs
February 23, 2023Rewterz Threat Advisory – Multiple Apple iOS, iPadOS and macOS Ventura Vulnerabilities
February 23, 2023Rewterz Threat Alert – Agent Tesla Malware – Active IOCs
February 23, 2023Rewterz Threat Advisory – Multiple Apple iOS, iPadOS and macOS Ventura Vulnerabilities
February 23, 2023Severity
Medium
Analysis Summary
CVE-2022-43873 CVSS:6.3
An authenticated user can exploit a vulnerability in the IBM Spectrum Virtualize GUI to execute code and escalate their privilege on the system.
CVE-2022-43870 CVSS:6.5
IBM Spectrum Virtualize could disclose SNMPv3 server credentials to an authenticated user in log files.
CVE-2022-43578 CVSS:4.6
IBM Sterling B2B Integrator Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Impact
- Privilege Escalation
- Information Disclosure
- Cross-Site Scripting
Indicators Of Compromise
CVE
- CVE-2022-43873
- CVE-2022-43870
- CVE-2022-43578
Affected Vendors
IBM
Affected Products
- IBM Spectrum Virtualize 8.4
- IBM Spectrum Virtualize 8.3
- IBM Spectrum Virtualize 8.2
- IBM Spectrum Virtualize 8.5
- IBM Sterling B2B Integrator 6.0.0.0
- IBM Sterling B2B Integrator 6.1.0.0
- IBM Sterling B2B Integrator 6.1.2.0
- IBM Sterling B2B Integrator 6.0.3.7
Remediation
Refer to IBM Security Bulletin for patch, upgrade or suggested workaround information.