
Security Bulletin: Multiple vulnerabilities in EBICS client in IBM Sterling B2B Integrator (CVE-2017-1132, CVE-2017-1347, CVE-2017-1348)

2020-02-05 00:53:36
www.ibm.com
7

EPSS: 0.001 (Low), Percentile: 45.0%

Summary

OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM Sterling B2B Integrator. IBM Sterling B2B Integrator has addressed the applicable CVEs.

Vulnerability Details

CVEID: CVE-2017-1132
DESCRIPTION: IBM Sterling B2B Integrator Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/121418> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2017-1347
DESCRIPTION: IBM Sterling B2B Integrator Standard Edition is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.
CVSS Base Score: 6.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/126462> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2017-1348
DESCRIPTION: IBM Sterling B2B Integrator Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/126524> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

IBM Sterling B2B Integrator 5.2

Remediation/Fixes

Product & Version | APAR | Remediated Fix
---|---|---
IBM Sterling B2B Integrator 5.2 | IT18265, IT20381, IT20451 | EBICS client customers must upgrade their B2B Integrator to 5020603_2 on Fix Central and then install v_ebics_client_1000603_2.jar in <SI_Install_Dir>/packages using InstallService.sh or InstallService.cmd. For CVE-2017-1347 and CVE-2017-1348, a customer can also upgrade B2B Integrator to 5020500_16 on Fix Central then install v_ebics_client_1000500_16.jar.

Workarounds and Mitigations

None
