Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBME593E12AB7D6E26E07598ADF3963FAD201BAABDA173B0C2AE81C1AAB831FBC26
HistoryOct 05, 2021 - 8:51 p.m.

Security Bulletin: Apache Xerces2 Vulnerabilities Affect IBM Sterling B2B Integrator (CVE-2012-0881, CVE-2013-4002)

2021-10-0520:51:14
www.ibm.com
49

0.019 Low

EPSS

Percentile

88.5%

JSON

Summary

IBM Sterling B2B Integrator has addressed the vulnerabilities.

Vulnerability Details

CVEID:CVE-2012-0881
**DESCRIPTION:**Apache Xerces2 Java is vulnerable to a denial of service, caused by a flaw in the XML service. By sending a specially crafted message to an XML service, a remote attacker could exploit this vulnerability to consume available CPU resources from the system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/134404 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2013-4002
**DESCRIPTION:**A denial of service vulnerability in the Apache Xerces-J parser used by IBM Java could result in a complete availability impact on the affected system.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/85260 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C)

Affected Products and Versions

Affected Product(s) APAR(s) Version(s)
IBM Sterling B2B Integrator IT37615 5.2.0.0 - 5.2.6.5_4
IBM Sterling B2B Integrator IT37615 6.0.0.0 - 6.0.0.6, 6.0.1.0 - 6.0.3.4
IBM Sterling B2B Integrator IT37615 6.1.0.0 - 6.1.0.3

Remediation/Fixes

Product & Version Remediation & Fix
5.2.0.0 - 5.2.6.5_4 Apply IBM Sterling B2B Integrator version 6.0.0.7, 6.0.3.5, 6.1.1.0 on Fix Central
6.0.0.0 - 6.0.0.6, 6.0.1.0 - 6.0.3.4 Apply IBM Sterling B2B Integrator version 6.0.0.7, 6.0.3.5, or 6.1.1.0 on Fix Central
6.1.0.0 - 6.1.0.3 Apply IBM Sterling B2B Integrator version 6.1.1.0 on Fix Central

Workarounds and Mitigations

None

Related

ibm 47
osv 2
veracode 3
prion 2
openvas 39
nessus 45
cvelist 2
cve 2
ubuntucve 2
nvd 2
debiancve 1
github 2
atlassian 4
redhat 15
f5 2
fedora 3
mageia 3
securityvulns 2
oraclelinux 4
centos 4
amazon 3
suse 9
ubuntu 1
ibm
ibm
Security Bulletin: Apache Solr, shipped with IBM Operations Analytics - Log Analysis, susceptible to multiple vulnerabilities in Apache Xerces2
2021-04-16 07:16:00
Security Bulletin: Multiple vulnerabilities in Apache Xerces2 Java XML Parser affect IBM Jazz Reporting Service
2023-10-04 10:32:21
Security Bulletin: Order Management is subject to vulnerabilities regarding XML service where a remote attacker could exploit this vulnerability.
2024-04-12 17:33:16
osv
osv
Denial of service in Apache Xerces2
2020-06-15 18:51:38
Missing XML Validation in Apache Xerces2
2022-05-13 01:01:06
veracode
veracode
Denial Of Service (DoS)
2017-10-31 05:53:02
Denial Of Service (DoS)
2017-10-10 02:57:26
Denial Of Service (DoS)
2019-01-15 09:02:50
prion
prion
Code injection
2017-10-30 16:29:00
Code injection
2013-07-23 11:03:00
openvas
openvas
Huawei EulerOS: Security Advisory for xerces-j2 (EulerOS-SA-2020-2405)
2020-11-04 00:00:00
Huawei EulerOS: Security Advisory for xerces-j2 (EulerOS-SA-2020-2068)
2020-09-29 00:00:00
Huawei EulerOS: Security Advisory for xerces-j2 (EulerOS-SA-2020-2277)
2020-10-30 00:00:00
nessus
nessus
EulerOS 2.0 SP3 : xerces-j2 (EulerOS-SA-2020-2068)
2020-09-28 00:00:00
EulerOS 2.0 SP5 : xerces-j2 (EulerOS-SA-2020-2277)
2020-10-30 00:00:00
EulerOS 2.0 SP8 : xerces-j2 (EulerOS-SA-2020-1889)
2020-08-28 00:00:00
cvelist
cvelist
CVE-2012-0881
2017-10-30 16:00:00
CVE-2013-4002
2013-07-23 10:00:00
cve
cve
CVE-2012-0881
2017-10-30 16:29:00
CVE-2013-4002
2013-07-23 11:03:19
ubuntucve
ubuntucve
CVE-2012-0881
2017-10-30 00:00:00
CVE-2013-4002
2013-10-16 00:00:00
nvd
nvd
CVE-2012-0881
2017-10-30 16:29:00
CVE-2013-4002
2013-07-23 11:03:19
debiancve
debiancve
CVE-2012-0881
2017-10-30 16:29:00
github
github
Denial of service in Apache Xerces2
2020-06-15 18:51:38
Missing XML Validation in Apache Xerces2
2022-05-13 01:01:06
atlassian
atlassian
Denial of Service attack through vulnerable Xerces-J library
2015-06-19 06:43:36
Denial of Service attack through vulnerable Xerces-J library
2015-06-19 06:43:36
Update atlassian-gadgets to 4.2.39 to fix CVE-2012-0881, CVE-2014-0114 and other vulnerabilities
2021-02-03 22:43:13
redhat
redhat
(RHSA-2014:1821) Moderate: Red Hat JBoss Enterprise Application Platform 6.3.2 update
2014-11-06 00:00:00
(RHSA-2014:1818) Moderate: Red Hat JBoss Enterprise Application Platform 6.3.2 update
2014-11-06 00:00:00
(RHSA-2014:1822) Moderate: Red Hat JBoss Enterprise Application Platform 6.3.2 update
2014-11-06 16:38:07
f5
f5
K16872 : Java Runtime Environment vulnerability CVE-2013-4002
2015-09-11 00:00:00
SOL16872 - Java Runtime Environment vulnerability CVE-2013-4002
2015-07-07 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: xerces-j2-2.11.0-17.fc20
2014-09-25 10:44:24
[SECURITY] Fedora 21 Update: xerces-j2-2.11.0-22.fc21
2014-09-23 05:03:54
[SECURITY] Fedora 19 Update: xerces-j2-2.11.0-15.fc19
2014-09-25 10:33:09
mageia
mageia
Updated xerces-j2 packages fix CVE-2013-4002
2014-10-07 13:22:51
Updated java-1.6.0-openjdk package fixes multiple vulnerabilities
2013-11-13 23:05:43
Updated java-1.7.0-openjdk package fixes security vulnerabilities
2013-11-13 23:03:04
securityvulns
securityvulns
[ MDVSA-2014:193 ] xerces-j2
2014-10-14 00:00:00
xerces-j DoS
2014-10-14 00:00:00
oraclelinux
oraclelinux
xerces-j2 security update
2014-09-29 00:00:00
java-1.6.0-openjdk security update
2013-11-05 00:00:00
java-1.7.0-openjdk security update
2013-10-21 00:00:00
centos
centos
xerces security update
2014-09-30 10:18:46
java security update
2013-11-05 20:45:16
java security update
2013-10-22 07:41:01
amazon
amazon
Medium: xerces-j2
2014-10-28 17:13:00
Important: java-1.6.0-openjdk
2013-11-05 13:35:00
Critical: java-1.7.0-openjdk
2013-10-23 15:22:00
suse
suse
Security update for IBM Java 5 (important)
2013-11-14 16:04:15
Security update for java-1_5_0-ibm (important)
2013-07-27 17:04:14
Security update for java-1_5_0-ibm (important)
2013-07-30 17:04:11
ubuntu
ubuntu
OpenJDK 6 vulnerabilities
2013-11-21 00:00:00

0.019 Low

EPSS

Percentile

88.5%

JSON
Related for E593E12AB7D6E26E07598ADF3963FAD201BAABDA173B0C2AE81C1AAB831FBC26
ibm47osv2veracode3prion2openvas39nessus45cvelist2cve2ubuntucve2nvd2debiancve1github2atlassian4redhat15f52fedora3mageia3securityvulns2oraclelinux4centos4amazon3suse9ubuntu1