Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM939450FC286D019C3582A69FAC55E530CABE5642EC790D37E2DD48CC3E4BD7E2
HistoryMay 13, 2022 - 2:58 p.m.

Security Bulletin: Apache WSS4J Vulnerabilities Affect IBM Sterling B2B Integrator

2022-05-1314:58:22
www.ibm.com
14

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

52.9%

JSON

Summary

IBM Sterling B2B Integrator has addressed the security vulnerablities from WSS4J.

Vulnerability Details

CVEID:CVE-2015-0227
**DESCRIPTION:**Apache WSS4J could allow a remote attacker to bypass security restrictions, caused by the failure to properly enforce the requireSignedEncryptedDataElements property. An attacker could exploit this vulnerability using various types of wrapping attacks to bypass security restrictions and perform unauthorized actions.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/100837 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID:CVE-2015-0226
**DESCRIPTION:**Apache WSS4J could allow a remote attacker to obtain sensitive information, caused by Bleichenbacher’s attack on XML Encryption. By sending a specially-crafted message, an attacker could exploit this vulnerability to decrypt the key and obtain sensitive information.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/100836 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Sterling B2B Integrator 5.2.0.0 - 6.0.3.4
IBM Sterling B2B Integrator 6.0.0.0 - 6.1.0.3

Remediation/Fixes

Product & Version ** Remediation & Fix**
5.2.0.0 - 6.0.3.4 Apply IBM Sterling B2B Integrator version 6.1.1.0 or 6.0.3.5 on Fix Central
6.0.0.0 - 6.1.0.3 Apply IBM Sterling B2B Integrator version 6.1.1.0 on Fix Central

Workarounds and Mitigations

None

Related

ibm 7
osv 2
prion 2
ubuntucve 2
github 2
debiancve 2
cve 2
redhat 8
nessus 7
oracle 1
ibm
ibm
Security Bulletin: Multiple vulnerabilities in Open Source Apache WSS4J affect IBM InfoSphere DataStage Web services pack (CVE-2015-0226 CVE-2015-0227)
2018-06-16 14:07:40
Security Bulletin: Vulnerabilities in WSS4J affects IBM CΓΊram (CVE-2015-0226 & CVE-2015-0227 )
2018-06-17 13:05:59
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Integrated Information Core (CVE-2015-0226)
2022-09-26 03:37:05
osv
osv
Improper Access Control in Apache WSS4J
2022-05-14 02:57:28
Use of a Broken or Risky Cryptographic Algorithm in Apache WSS4J
2022-05-14 00:55:57
prion
prion
Design/Logic Flaw
2015-02-12 16:59:00
Design/Logic Flaw
2017-10-30 14:29:00
ubuntucve
ubuntucve
CVE-2015-0227
2015-02-12 00:00:00
CVE-2015-0226
2017-10-30 00:00:00
github
github
Improper Access Control in Apache WSS4J
2022-05-14 02:57:28
Use of a Broken or Risky Cryptographic Algorithm in Apache WSS4J
2022-05-14 00:55:57
debiancve
debiancve
CVE-2015-0227
2015-02-12 16:59:00
CVE-2015-0226
2017-10-30 14:29:00
cve
cve
CVE-2015-0227
2015-02-12 16:59:00
CVE-2015-0226
2017-10-30 14:29:00
redhat
redhat
(RHSA-2015:0773) Important: Red Hat JBoss Data Grid 6.4.1 update
2015-04-01 14:38:06
(RHSA-2015:1177) Important: Red Hat JBoss A-MQ 6.2.0 update
2015-06-23 16:46:14
(RHSA-2015:0846) Important: Red Hat JBoss Enterprise Application Platform 6.4.0 update
2015-04-16 00:00:00
nessus
nessus
RHEL 6 : JBoss EAP (RHSA-2015:0847)
2015-04-20 00:00:00
RHEL 5 : JBoss EAP (RHSA-2015:0846)
2015-04-20 00:00:00
RHEL 7 : JBoss EAP (RHSA-2015:0848)
2018-09-04 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - July 2019
2019-07-16 00:00:00

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

52.9%

JSON
Related for 939450FC286D019C3582A69FAC55E530CABE5642EC790D37E2DD48CC3E4BD7E2
ibm7osv2prion2ubuntucve2github2debiancve2cve2redhat8nessus7oracle1