Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMA86B7C49AD3F2181ABFE76854275F42662AE82F7ADCAB6142A3321ED1ABD5198
HistoryFeb 05, 2020 - 12:53 a.m.

Security Bulletin: XML External Entity Injection Security Vulnerability Affects IBM Sterling B2B Integrator (CVE-2019-4043)

2020-02-0500:53:36
www.ibm.com
6

0.002 Low

EPSS

Percentile

57.7%

JSON

Summary

IBM Sterling B2B Integrator Standard Edition has addressed the XML External Entity Injection vulnerability

Vulnerability Details

CVEID: CVE-2019-4043 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
CVSS Base Score: 7.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/156239&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L)

Affected Products and Versions

IBM Sterling B2B Integrator 5.2.x, 6.0.0.0

Remediation/Fixes

PRODUCT & Version

| APAR |

Remediation/Fix

—|—|—

IBM Sterling B2B Integrator 6.0.0.0

| IT19755 |

Apply IBM Sterling B2B Integrator version 6.0.0.1 available on FixCentral

IBM Sterling B2B Integrator 5.2.x | IT19755 | Apply IBM Sterling B2B Integration version 5.2.6.4_1 available on FixCentral

Workarounds and Mitigations

None

Related

cve 1
prion 1
nvd 1
cvelist 1
cve
cve
CVE-2019-4043
2019-04-02 14:29:01
prion
prion
Xxe
2019-04-02 14:29:00
nvd
nvd
CVE-2019-4043
2019-04-02 14:29:01
cvelist
cvelist
CVE-2019-4043
2019-03-29 00:00:00

0.002 Low

EPSS

Percentile

57.7%

JSON
Related for A86B7C49AD3F2181ABFE76854275F42662AE82F7ADCAB6142A3321ED1ABD5198
cve1prion1nvd1cvelist1