Lucene search

K
ibmIBM0BFA95615C47A8731EA2BE8892AD132D9865D65EF45F22364FDFDE9DF1A13C48
HistoryFeb 05, 2020 - 12:53 a.m.

Security Bulletin: Multiple vulnerabilities in Global Mailbox in IBM Sterling B2B Integrator (CVE-2015-5262, CVE-2014-3577)

2020-02-0500:53:36
www.ibm.com
14

0.033 Low

EPSS

Percentile

91.3%

Summary

IBM Global Mailbox is vulnerable to denial of service attacks and spoofing attacks due to the vulnerabilities in Apache httpClient

Vulnerability Details

CVEID: CVE-2015-5262**
DESCRIPTION:** Apache Commons is vulnerable to a denial of service, caused by the failure to apply a configured connection during the initial handshake of an HTTPS connection by the HttpClient component. An attacker could exploit this vulnerability to accumulate multiple connections and exhaust all available resources.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/106932&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2014-3577**
DESCRIPTION:** Apache HttpComponents could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the Subject’s Common Name (CN) or SubjectAltName field of certificates. By persuading a victim to visit a Web site containing a specially crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/95327&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Affected Products and Versions

IBM Sterling B2B Integrator 5.2.6

Remediation/Fixes

Product & Version

| Remediation/Fix
—|—
IBM Sterling B2B Integrator 5.2.6 with Global Mailbox| Apply B2B Integrator fix pack 5020603_2 on Fix Central

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm sterling b2b integratoreq5.2.6