Feb 05, 2020 - 12:53 a.m.

Security Bulletin: Multiple Cross-Site Scripting Vulnerabilities Affect IBM Sterling B2B Integrator (CVE-2019-4027, CVE-2019-4028, CVE-2019-4029)

2020-02-05 00:53:36
www.ibm.com

EPSS: 0.001 (Low), percentile 22.7%

Summary

IBM Sterling B2B Integrator Standard Edition has addressed the cross-site scripting vulnerabilities.

Vulnerability Details

CVEID: CVE-2019-4029
DESCRIPTION: IBM Sterling B2B Integrator Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155907> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2019-4027
DESCRIPTION: IBM Sterling B2B Integrator Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155905> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2019-4028
DESCRIPTION: IBM Sterling B2B Integrator Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155906> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

IBM Sterling B2B Integrator 5.2.0.1 - 6.0.0.0

Remediation/Fixes

| Product & Version | APAR | Remediation/Fix |
|---|---|---|
| IBM Sterling B2B Integrator 5.2.0.1 - 6.0.0.0 | IT27458, IT27878, IT27461, IT27881 | For CVE-2019-4029, apply IBM Sterling B2B Integrator version 5.2.6.3_9 or 6.0.0.1, available on Fix Central. For others, apply 6.0.0.1. |

Workarounds and Mitigations

No
