OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM Sterling B2B Integrator. IBM Sterling B2B Integrator has addressed the applicable CVEs.
CVEID: CVE-2017-1132**
DESCRIPTION:** IBM Sterling B2B Integrator Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/121418> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
CVEID: CVE-2017-1347**
DESCRIPTION:** IBM Sterling B2B Integrator Standard Edition is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.
CVSS Base Score: 6.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/126462> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
CVEID: CVE-2017-1348**
DESCRIPTION:** IBM Sterling B2B Integrator Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/126524> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
IBM Sterling B2B Integrator 5.2
Product & Version
| APAR|Remediated Fix
—|—|—
IBM Sterling B2B Integrator 5.2| IT18265, IT20381, IT20451| EBICS client customers must upgrade their B2B Integrator to 5020603_2 on Fix Central and then install v_ebics_client_1000603_2.jar in <SI_Install_Dir>/packages using InstallService.sh or InstallService.cmd. For CVE-2017-1347 and CVE-2017-1348, a customer can also upgrade B2B Integrator to 5020500_16 on Fix Central then install v_ebics_client_1000500_16.jar .
None