Lucene search

IBMED95E3C9B17E791BE096F7F8DD0EBA8200D15FD886ED5F00DA8970E6BD6BA265

HistoryMay 13, 2022 - 2:58 p.m.

Security Bulletin: IBM MQ Vulnerability Affects IBM Sterling B2B Integrator (CVE-2020-4682)

2022-05-1314:58:22

www.ibm.com

ibm sterling b2b integrator

ibm mq

vulnerability

remote attacker

arbitrary code

deserialization

cvss

fix

security bulletin

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.01

Percentile

83.3%

JSON

Summary

IBM Sterling B2B Integrator has addressed the security vulnerability from IBM MQ.

Vulnerability Details

CVEID:CVE-2020-4682
**DESCRIPTION:**IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/186509 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s)	APAR(s)	Version(s)
IBM Sterling B2B Integrator	IT37912	5.2.0.0 - 5.2.6.5_3
IBM Sterling B2B Integrator	IT37912	6.0.0.0 - 6.0.0.6, 6.0.1.0 - 6.0.3.4
IBM Sterling B2B Integrator	IT37912	6.1.0.0 - 6.1.0.1

Remediation/Fixes

Product & Version	Remediation & Fix
5.2.0.0 - 5.2.6.5_3	Apply IBM Sterling B2B Integrator version 5.2.6.5_4, 6.0.0.7, 6.0.3.5, 6.1.0.2 or 6.1.1.0 on Fix Central
6.0.0.0 - 6.0.0.6, 6.0.1.0 - 6.0.3.4	Apply IBM Sterling B2B Integrator version 6.0.0.7, 6.0.3.5, 6.1.0.2 or 6.1.1.0 on Fix Central
6.1.0.0 - 6.1.0.1	Apply IBM Sterling B2B Integrator version 6.1.0.2 or 6.1.1.0 on Fix Central

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmsterling_b2b_integratorMatch5.2.0.0

ibmsterling_b2b_integratorMatch6.1.1.0

VendorProductVersionCPE
ibmsterling_b2b_integrator5.2.0.0cpe:2.3:a:ibm:sterling_b2b_integrator:5.2.0.0:*:*:*:*:*:*:*
ibmsterling_b2b_integrator6.1.1.0cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	sterling_b2b_integrator	5.2.0.0	cpe:2.3:a:ibm:sterling_b2b_integrator:5.2.0.0:::::::*
ibm	sterling_b2b_integrator	6.1.1.0	cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.1.0:::::::*

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.01

Percentile

83.3%

JSON

Related for ED95E3C9B17E791BE096F7F8DD0EBA8200D15FD886ED5F00DA8970E6BD6BA265