History: May 13, 2022 - 2:58 p.m.

Security Bulletin: Deserialization Vulnerability Affects IBM Sterling B2B Integrator (CVE-2019-4728)

2022-05-13 14:58:22
www.ibm.com

CVSS2: 9

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3: 8.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.01
Percentile: 83.7%

Summary

IBM Sterling B2B Integrator has addressed the deserialization vulnerability.

Vulnerability Details

**CVEID:** CVE-2019-4728
**DESCRIPTION:** IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code with SYSTEM privileges.
CVSS Base score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/172452 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Sterling B2B Integrator | 5.2.0.0 - 5.2.6.5_2 |
| IBM Sterling B2B Integrator | 6.0.0.0 - 6.0.3.2 |
| IBM Sterling B2B Integrator | 6.1.0.0 |

Remediation/Fixes

| Product & Version | APAR | Remediation & Fix |
| --- | --- | --- |
| 5.2.0.0 - 5.2.6.5_2 | IT32833 | Apply IBM Sterling B2B Integrator version 5.2.6.5_3, 6.0.3.3 or 6.1.0.1 on Fix Central |
| 6.0.0.0 - 6.0.3.2 | IT32833 | Apply IBM Sterling B2B Integrator version 6.0.3.3 or 6.1.0.1 on Fix Central |
| 6.1.0.0 | IT32833 | Apply IBM Sterling B2B Integrator version 6.1.0.1 on Fix Central |

Workarounds and Mitigations

None

Affected configurations

Vulners node (entries are combined with OR):

| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| ibm | sterling_b2b_integrator | 5.2.0.0 | cpe:2.3:a:ibm:sterling_b2b_integrator:5.2.0.0:*:*:*:*:*:*:* |
| ibm | sterling_b2b_integrator | 5.2.6.5 | cpe:2.3:a:ibm:sterling_b2b_integrator:5.2.6.5:*:*:*:*:*:*:* |
| ibm | sterling_b2b_integrator | 2 | cpe:2.3:a:ibm:sterling_b2b_integrator:2:*:*:*:*:*:*:* |
| ibm | sterling_b2b_integrator | 6.0.0.0 | cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:* |
| ibm | sterling_b2b_integrator | 6.0.3.2 | cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.3.2:*:*:*:*:*:*:* |
| ibm | sterling_b2b_integrator | 6.1.0.0 | cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:*:*:*:* |
