PatchSiren cyber security CVE debrief
CVE-2016-0210 IBM CVE debrief
CVE-2016-0210 is an IBM Sterling B2B Integrator Standard Edition information-disclosure issue published by NVD on 2017-02-08. According to the supplied record, a remote attacker could send a specially crafted query to a vulnerable server that allows the HTTP OPTIONS method and cause sensitive information to be returned in the HTTP response. NVD rates the issue CVSS 5.3 (Medium), with network access, no privileges, and no user interaction required.
- Vendor: IBM
- Product: CVE-2016-0210
- CVSS: MEDIUM 5.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2017-02-08
- Original CVE updated: 2026-05-13
- Advisory published: 2017-02-08
- Advisory updated: 2026-05-13
Who should care
Administrators and security teams responsible for IBM Sterling B2B Integrator Standard Edition deployments, especially systems running the affected 5.1 and 5.2 CPE versions listed by NVD. Exposure is most relevant where HTTP OPTIONS is enabled or cannot be tightly restricted.
Technical summary
The supplied NVD data describes a remote information disclosure condition. The weakness is categorized as CWE-200, and the CVSS vector is CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. NVD lists vulnerable CPE criteria for IBM Sterling B2B Integrator 5.1 and 5.2. The issue is triggered through HTTP OPTIONS handling that can disclose sensitive content in an HTTP response.
Defensive priority
Medium. This is a confidentiality issue rather than an integrity or availability issue, but it is reachable over the network without authentication or user interaction. Prioritize if the service is Internet-facing or if the application handles sensitive business data.
Recommended defensive actions
- Review IBM PSIRT guidance for CVE-2016-0210 and apply any vendor-recommended fix or mitigation.
- Restrict or disable HTTP OPTIONS on exposed Sterling B2B Integrator endpoints if operationally feasible.
- Verify whether your deployment matches the affected IBM Sterling B2B Integrator 5.1 or 5.2 CPE entries in NVD.
- Inspect HTTP responses from the service for unexpected disclosure and confirm only required methods are enabled.
- Limit network exposure to trusted clients and place the service behind appropriate access controls and monitoring.
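The following added example is not taken from the NVD record or from IBM. It shows one way to carry out the response-inspection step above on a captured raw HTTP response to an OPTIONS request. The required-method set, the function name and both sample responses are assumptions constructed for illustration.

```python
from email.parser import BytesParser

# Assumption: the methods this deployment genuinely needs.
REQUIRED_METHODS = {"GET", "POST", "HEAD"}

def audit_options_response(raw, required=REQUIRED_METHODS):
    """Return a list of findings for one raw HTTP response to OPTIONS."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line, _, header_block = head.partition(b"\r\n")
    status = int(status_line.decode("latin-1").split(" ", 2)[1])
    if status in (403, 405, 501):
        return []  # OPTIONS is rejected, which is the restricted state
    headers = BytesParser().parsebytes(header_block + b"\r\n\r\n",
                                       headersonly=True)
    findings = ["OPTIONS accepted (status %d)" % status]
    # Collect every method advertised across all Allow headers.
    allowed = {m.strip().upper()
               for value in (headers.get_all("Allow") or [])
               for m in value.split(",") if m.strip()}
    extra = allowed - set(required) - {"OPTIONS"}
    if extra:
        findings.append("methods beyond required set: "
                        + ", ".join(sorted(extra)))
    # An OPTIONS reply normally needs no body; any content deserves review.
    if body.strip():
        findings.append("OPTIONS response carries a %d-byte body; "
                        "review for disclosure" % len(body))
    return findings

# Constructed sample responses, not captured from a real server.
RESTRICTED = (b"HTTP/1.1 405 Method Not Allowed\r\n"
              b"Allow: GET, POST\r\nContent-Length: 0\r\n\r\n")
EXPOSED = (b"HTTP/1.1 200 OK\r\n"
           b"Allow: GET, HEAD, POST, OPTIONS, TRACE, PUT\r\n"
           b"Content-Type: text/html\r\n\r\n"
           b"<html>constructed placeholder body</html>")

if __name__ == "__main__":
    for name, raw in (("restricted", RESTRICTED), ("exposed", EXPOSED)):
        print(name, audit_options_response(raw) or "no findings")
```
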
Evidence notes
This debrief is based only on the supplied NVD record and its references. The record states that allowing HTTP OPTIONS can let a remote attacker cause sensitive information disclosure in the HTTP response. NVD lists the weakness as CWE-200 and the affected CPEs as IBM Sterling B2B Integrator 5.1 and 5.2. References supplied in the source corpus include IBM advisory docview.wss?uid=swg21981549 and SecurityFocus BID 90527. The CVE published date used here is 2017-02-08; later modified dates are treated as record updates, not the original vulnerability date.
Official resources
- CVE-2016-0210 CVE record: CVE.org
- CVE-2016-0210 NVD detail: NVD
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Patch, Vendor Advisory
- Mitigation or vendor reference: [email protected] - Third Party Advisory, VDB Entry
Published by NVD on 2017-02-08. The supplied record identifies IBM Sterling B2B Integrator Standard Edition as affected and describes a remote sensitive-information disclosure issue when HTTP OPTIONS is allowed.