Lucene search

IbmCVE-2019-4728

HistoryJan 05, 2021 - 3:15 p.m.

CVE-2019-4728

2021-01-0515:15:13

CWE-502

ibm

web.nvd.nist.gov

ibm

sterling

b2b integrator

remote code execution

vulnerability

cve-2019-4728

nvd

x-force

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.01

Percentile

83.7%

JSON

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and 6.1.0.0 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code with SYSTEM privileges. IBM X-Force ID: 172452.

Affected configurations

Nvd

Vulners

Node

hphp-uxMatch-

ibmaixMatch-

ibmiMatch-

linuxlinux_kernelMatch-

microsoftwindowsMatch-

oraclesolarisMatch--

AND

ibmsterling_b2b_integratorRange5.2.0.0–5.2.6.5_2standard

ibmsterling_b2b_integratorRange6.0.0.0–6.0.3.2standard

ibmsterling_b2b_integratorMatch6.1.0.0standard

VendorProductVersionCPE
hphp-ux-cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*
ibmaix-cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*
ibmi-cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*
linuxlinux_kernel-cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
oraclesolaris-cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*
ibmsterling_b2b_integrator*cpe:2.3:a:ibm:sterling_b2b_integrator:*:*:*:*:standard:*:*:*
ibmsterling_b2b_integrator6.1.0.0cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:standard:*:*:*

Vendor	Product	Version	CPE
hp	hp-ux	-	cpe:2.3:o:hp:hp-ux:-:::::::*
ibm	aix	-	cpe:2.3:o:ibm:aix:-:::::::*
ibm	i	-	cpe:2.3:o:ibm:i:-:::::::*
linux	linux_kernel	-	cpe:2.3:o:linux:linux_kernel:-:::::::*
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*
oracle	solaris	-	cpe:2.3:o:oracle:solaris:-::::::-:
ibm	sterling_b2b_integrator	*	cpe:2.3:a:ibm:sterling_b2b_integrator:::::standard:::*
ibm	sterling_b2b_integrator	6.1.0.0	cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0::::standard:::

CNA Affected

[
  {
    "product": "Sterling B2B Integrator",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "6.0.0.0"
      },
      {
        "status": "affected",
        "version": "5.2.0.0"
      },
      {
        "status": "affected",
        "version": "6.0.3.2"
      },
      {
        "status": "affected",
        "version": "6.1.0.0"
      },
      {
        "status": "affected",
        "version": "5.2.6.5_2"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/172452

www.ibm.com/support/pages/node/6396172

Social References

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.01

Percentile

83.7%

JSON

Related for CVE-2019-4728