CVE-2019-4728
8.8
CVSS:3.0/AC:L/S:U/I:H/AV:N/PR:L/C:H/UI:N/A:H/RL:O/RC:C/E:U
Summary
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and 6.1.0.0 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code with SYSTEM privileges. IBM X-Force ID: 172452.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| IBM | Sterling B2B Integrator | 6.0.0.0 | affected |
| IBM | Sterling B2B Integrator | 5.2.0.0 | affected |
| IBM | Sterling B2B Integrator | 6.0.3.2 | affected |
| IBM | Sterling B2B Integrator | 6.1.0.0 | affected |
| IBM | Sterling B2B Integrator | 5.2.6.5_2 | affected |
Weaknesses
- Gain Access
ADP Enrichment
CVE Program Container
Additional References
- https://www.ibm.com/support/pages/node/6396172
- https://exchange.xforce.ibmcloud.com/vulnerabilities/172452
References
- https://www.ibm.com/support/pages/node/6396172
- https://exchange.xforce.ibmcloud.com/vulnerabilities/172452
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.