Lucene search

K
ibmIBMA27028FEB4AC2C9A262DE2B4713CFC6F3258C4BAA72571EE39D0AD901B84EE4A
HistoryMay 13, 2022 - 2:58 p.m.

Security Bulletin: Multiple Security Vulnerabilities in IBM WebSphere Application Server Affect IBM Sterling B2B Integrator

2022-05-1314:58:22
www.ibm.com
27

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

48.7%

Summary

IBM Sterling B2B Integrator has addressed the security vulnerabilities.

Vulnerability Details

CVEID:CVE-2020-4590
**DESCRIPTION:**IBM WebSphere Application Server Liberty 17.0.0.3 through 20.0.0.9 running oauth-2.0 or openidConnectServer-1.0 server features is vulnerable to a denial of service attack conducted by an authenticated client. IBM X-Force ID: 184650.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/184650 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2020-10693
**DESCRIPTION:**Hibernate Hibernate Validator could allow a remote attacker to bypass security restrictions, caused by a flaw in the message interpolation processor. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass input sanitation controls when handling user-controlled data in error messages.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/182240 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Sterling B2B Integrator with B2B API 5.2.0.0 - 5.2.6.5_3
IBM Sterling B2B Integrator with B2B API 6.0.0.0 - 6.0.3.3
IBM Sterling B2B Integrator with B2B API 6.1.0.0

Remediation/Fixes

Product & Version Remediation & Fix
5.2.0.0 - 5.2.6.5_3 Apply IBM Sterling B2B Integrator version 5.2.6.5_4 on Fix Central
6.0.0.0 - 6.0.3.3 Apply IBM Sterling B2B Integrator version 6.0.3.4 on Fix Central
6.1.0.0 Apply IBM Sterling B2B Integrator version 6.1.0.1 on Fix Central

Workarounds and Mitigations

None

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

48.7%

Related for A27028FEB4AC2C9A262DE2B4713CFC6F3258C4BAA72571EE39D0AD901B84EE4A