CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
A security bypass vulnerability has been discovered in Apache Xalan-Java libraries used by IBM Sterling B2B Integrator and IBM Sterling File Gateway.
CVEID: CVE-2014-0107
Description: Apache Xalan-Java could allow a remote attacker to bypass security restrictions because of improper handling of output properties. An attacker could exploit this vulnerability to bypass the secure processing feature and load arbitrary restricted classes.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/92023> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
IBM Sterling B2B Integrator 5.1
IBM Sterling File Gateway 2.1
Product | VRMF | APAR | Remediation/First Fix
---|---|---|---
Sterling B2B Integrator | 5.1.x | IT03139 | Apply Generic Interim Fix 5104_5. Available on IWM
Sterling File Gateway | 2.1.x | IT03139 | Apply Generic Interim Fix 5104_5. Available on IWM
To acquire the fix, please log in to IWM.
For FAQs on downloading an iFix from the IWM site, see the following documentation: <https://www14.software.ibm.com/iwm/web/download_en_US.shtml>
None Known
CPE Name | Operator | Version
---|---|---
ibm sterling b2b integrator | eq | 5.1