IBM358D89493C2A2BF9FD3D963FB97D224BC57BCDAF3B512E7098B1B759CEABD13CSecurity Bulletin: IBM Sterling B2B Integrator is vulnerable to information disclosure due to OWASP ESAPI (CVE-2010-3300)
0.001 Low
EPSS
Percentile
51.0%
Summary
IBM Sterling B2B Integrator uses OWASP ESAPI. This bulletin identifies the steps to take to address the vulnerability.
Vulnerability Details
CVEID:CVE-2010-3300
**DESCRIPTION:**OWASP ESAPI for Java could allow a remote attacker to obtain sensitive information, caused by a padding oracle attack. An attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/204432 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Sterling B2B Integrator | 6.0.0.0 - 6.0.3.8 |
| IBM Sterling B2B Integrator | 6.1.0.0 - 6.1.2.3 |
Remediation/Fixes
IBM strongly recommends addressing the vulnerability now.
| Product | Version | APAR | Remediation & Fix |
|---|---|---|---|
| IBM Sterling B2B Integrator | 6.0.0.0 - 6.0.3.8 | IT43591 | Apply 6.0.3.9 |
| IBM Sterling B2B Integrator | 6.1.0.0 - 6.1.2.3 | IT43591 | Apply 6.1.2.5 or 6.2.0.0 |
The IIM versions of 6.0.3.9 and 6.1.2.5 are available on Fix Central. The IIM version of 6.2.0.0 is available on Passport Advantage
The container version of 6.1.2.5 and 6.2.0.0 are available in IBM Entitled Registry.
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm sterling b2b integrator | eq | 6.0.0.0 | |
| ibm sterling b2b integrator | eq | 6.2.0.0 |
Related
0.001 Low
EPSS
Percentile
51.0%