IBM Sterling B2B Integrator Standard Edition has addressed the XML External Entity Injection vulnerability
CVEID: CVE-2019-4043 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
CVSS Base Score: 7.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/156239> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L)
IBM Sterling B2B Integrator 5.2.x, 6.0.0.0
PRODUCT & Version
| APAR |
Remediation/Fix
—|—|—
IBM Sterling B2B Integrator 6.0.0.0
| IT19755 |
Apply IBM Sterling B2B Integrator version 6.0.0.1 available on FixCentral
IBM Sterling B2B Integrator 5.2.x | IT19755 | Apply IBM Sterling B2B Integration version 5.2.6.4_1 available on FixCentral
None