Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMA150C2E017839DE1F5CBC686332D12515358F881E715C75E1B2D5509C5D5362A
HistoryMar 03, 2022 - 8:50 p.m.

IBM Sterling B2B Integrator and Sterling Filegateway NOT Affected by CVE-2021-4104, CVE-2021- 44832, CVE-2019-17571, CVE-2022-23307, CVE-2022-23305, CVE-2022-23302 and CVE-2020-9488 Exploit

2022-03-0320:50:59
www.ibm.com
72

0.794 High

EPSS

Percentile

98.3%

JSON

Abstract

IBM Sterling B2B Integrator and Sterling Filegateway NOT Affected by CVE-2021-4104, CVE-2021- 44832, CVE-2019-17571, CVE-2022-23307, CVE-2022-23305,CVE-2022-23302 and CVE-2020-9488 Exploit.
Security Bulletin

Content

Summary

IBM Sterling B2B Integrator and Sterling Filegateway Products are NOT Affected by CVE-2021-4104, CVE-2021- 44832, CVE-2019-17571, CVE-2022-23307, CVE-2022-23305,CVE-2022-23302 and CVE-2020-9488 Exploit

Vulnerability Details

After conducting extensive research product code base, it is determined that none of the products outlined below are vulnerable to CVE-2021-4104, CVE-2021- 44832, CVE-2019-17571, CVE-2022-23307, CVE-2022-23305, CVE-2022-23302 and CVE-2020-9488.

  • IBM Sterling B2B Integrator
  • IBM Sterling Filegateway

Updated Wednesday, January 6, 2022

Refer to the IBM Sterling B2B Integrator and IBM Sterling Filegateway security bulletins for additional information:

<https://www.ibm.com/support/pages/node/6527248&gt;

<https://www.ibm.com/support/pages/node/6537664&gt;

Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product support alerts like this.

References

Complete CVSS v3 Guide
On-line Calculator v3

Related Information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an “industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.” IBM PROVIDES THE CVSS SCORES ““AS IS”” WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

[{“Type”:“MASTER”,“Line of Business”:{“code”:“LOB02”,“label”:“AI Applications”},“Business Unit”:{“code”:“BU059”,“label”:“IBM Software w/o TPS”},“Product”:{“code”:“SS3JSW”,“label”:“IBM Sterling B2B Integrator”},“ARM Category”:[{“code”:“a8m50000000Cjy9AAC”,“label”:“Security-\u003ESecurity Vulnerability”}],“ARM Case Number”:“”,“Platform”:[{“code”:“PF025”,“label”:“Platform Independent”}],“Version”:“All Versions”}]

Related

redhat 33
ibm 33
openvas 20
osv 12
ubuntu 1
nessus 45
oraclelinux 3
suse 5
rocky 1
debian 2
almalinux 1
gentoo 1
centos 1
atlassian 8
mageia 1
amazon 4
rosalinux 1
nvd 3
cve 2
github 3
prion 3
cloudlinux 2
f5 3
cvelist 2
ubuntucve 3
debiancve 3
attackerkb 1
veracode 2
redhat
redhat
(RHSA-2022:0497) Important: Red Hat JBoss Data Virtualization 6.4.8.SP1 security update
2022-02-09 13:03:14
(RHSA-2022:0507) Important: Red Hat JBoss Data Virtualization 6.4.8.SP2 security update
2022-02-10 17:22:10
(RHSA-2022:0437) Important: Red Hat JBoss Enterprise Application Platform 6.4 security update
2022-02-03 18:34:46
ibm
ibm
Security Bulletin: Multiple vulnerabilities in log4j-1.2.16.jar used by IBM Operations Analytics - Log Analysis
2022-09-19 06:36:49
Security Bulletin: IBM Sterling Order Management migration strategy to Apache Log4j vulnerability (see CVEs below)
2022-10-20 18:18:17
Security Bulletin: IBM InfoSphere Information Server may be affected by vulnerabilities in Apache log4j 1.x version
2022-10-14 22:13:39
openvas
openvas
ILIAS < 5.4.26, 6.x < 6.14, 7.x < 7.5 ilServer Multiple Log4j Vulnerabilities
2022-01-28 00:00:00
Ubuntu: Security Advisory (USN-5998-1)
2023-04-06 00:00:00
Debian: Security Advisory (DLA-2905-1)
2022-02-01 00:00:00
osv
osv
apache-log4j1.2 vulnerabilities
2023-04-05 21:26:34
apache-log4j1.2 - security update
2022-01-31 00:00:00
Important: parfait:0.5 security update
2022-01-26 14:27:19
ubuntu
ubuntu
Apache Log4j vulnerabilities
2023-04-05 00:00:00
nessus
nessus
Apache Log4j 1.x Multiple Vulnerabilities
2022-01-19 00:00:00
GLSA-202402-16 : Apache Log4j: Multiple Vulnerabilities
2024-02-18 00:00:00
RHEL 8 : RHV Manager (ovirt-engine) security update [ovirt-4.4.10-1] (Low) (RHSA-2022:0475)
2022-02-09 00:00:00
oraclelinux
oraclelinux
parfait:0.5 security update
2022-01-27 00:00:00
log4j security update
2022-02-08 00:00:00
log4j security update
2022-05-23 00:00:00
suse
suse
Security update for kafka (important)
2022-02-16 00:00:00
Security update for log4j (important)
2022-01-27 00:00:00
Security update for log4j12 (important)
2022-01-28 00:00:00
rocky
rocky
parfait:0.5 security update
2022-01-26 14:27:19
debian
debian
[SECURITY] [DLA 2905-1] apache-log4j1.2 security update
2022-01-31 14:24:44
[SECURITY] [DLA 2065-1] apache-log4j1.2 security update
2020-01-12 22:27:19
almalinux
almalinux
Important: parfait:0.5 security update
2022-01-26 14:27:19
gentoo
gentoo
Apache Log4j: Multiple Vulnerabilities
2024-02-18 00:00:00
centos
centos
log4j security update
2022-02-07 16:47:44
atlassian
atlassian
Crowd: Multiple vulnerabilities in log4j < 1.2.7-atlassian-16
2022-05-18 08:53:01
Jira: Multiple vulnerabilities in log4j < 1.2.17-atlassian-16
2022-06-06 12:49:38
Update Log4J to 1.2.17-atlassian-16 to fix CVE-2022-23305, CVE-2022-23307, CVE-2020-9493, CVE-2022-23302
2022-04-08 16:20:16
mageia
mageia
Updated davmail packages fix security vulnerability
2023-04-15 22:03:44
amazon
amazon
Important: log4j
2023-03-30 22:50:00
Important: log4j
2022-02-15 22:54:00
Important: log4j
2022-01-18 20:15:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1909
2021-07-02 17:26:24
nvd
nvd
CVE-2022-23302
2022-01-18 16:15:08
CVE-2019-17571
2019-12-20 17:15:11
CVE-2020-9488
2020-04-27 16:15:12
cve
cve
CVE-2022-23302
2022-01-18 16:15:08
CVE-2020-9488
2020-04-27 16:15:12
github
github
Deserialization of Untrusted Data in Log4j 1.x
2022-01-21 23:27:14
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender
2020-06-05 14:15:51
Deserialization of Untrusted Data in Log4j
2020-01-06 18:43:49
prion
prion
Deserialization of untrusted data
2022-01-18 16:15:00
Deserialization of untrusted data
2019-12-20 17:15:00
Input validation
2020-04-27 16:15:00
cloudlinux
cloudlinux
Fix of CVE: CVE-2022-23307, CVE-2022-23302
2022-02-10 13:49:32
Fixed CVE-2019-17571 in log4j
2022-06-21 20:23:31
f5
f5
K59563964 : Apache Log4j Remote Code Execution vulnerability CVE-2022-23302
2022-01-31 00:00:00
K34002344 : Overview of Log4j vulnerabilities (2021 and 2022)
2022-02-01 00:00:00
K61529042 : Log4j vulnerability CVE-2019-17571
2020-04-08 00:00:00
cvelist
cvelist
CVE-2022-23302 Deserialization of untrusted data in JMSSink in Apache Log4j 1.x
2022-01-18 15:25:20
CVE-2020-9488
2020-04-27 15:36:10
ubuntucve
ubuntucve
CVE-2022-23302
2022-01-18 00:00:00
CVE-2019-17571
2019-12-20 00:00:00
CVE-2020-9488
2020-04-27 00:00:00
debiancve
debiancve
CVE-2022-23302
2022-01-18 16:15:08
CVE-2019-17571
2019-12-20 17:15:11
CVE-2020-9488
2020-04-27 16:15:12
attackerkb
attackerkb
CVE-2019-17571
2019-12-20 00:00:00
veracode
veracode
Arbitrary Code Execution
2019-12-23 04:57:47
Improper Validation Of Certificate
2020-04-28 07:08:30

0.794 High

EPSS

Percentile

98.3%

JSON
Related for A150C2E017839DE1F5CBC686332D12515358F881E715C75E1B2D5509C5D5362A
redhat33ibm33openvas20osv12ubuntu1nessus45oraclelinux3suse5rocky1debian2almalinux1gentoo1centos1atlassian8mageia1amazon4rosalinux1nvd3cve2github3prion3cloudlinux2f53cvelist2ubuntucve3debiancve3attackerkb1veracode2