Security Bulletin: IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable due to Cryptographic Weakness in IBM Liberty Server (CVE-2020-36732)
Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the cryptographic weakness vulnerability Vulnerability Details CVEID:CVE-2020-36732 DESCRIPTION: The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string "0." with an intege...
CVE-2025-2827
IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6, and 6.2.0.0 through 6.2.0.4 could disclose sensitive installation directory information to an authenticated user that could be used in further attacks against the system...
IBM Sterling B2B Integrator and IBM Sterling File Gateway Cross-Site Request Forgery Vulnerability
IBM Sterling B2B Integrator is a suite of software from International Business Machines IBM that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with different partner communities. IBM Sterling File Gateway is a...
Security Bulletin: IBM Sterling B2B Integrator is affected by security vulnerability in OpenSSH
Summary IBM Sterling B2B Integrator is affected by security vulnerability in OpenSSH Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity chec...
Security Bulletin: IBM Sterling B2B Integrator is vulnerable to cross-site scripting (CVE-2024-31913 CVE-2024-31914)
Summary IBM Sterling B2B Integrator is vulnerable to cross-site scripting. Vulnerability Details CVEID:CVE-2024-31914 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the W...
Security Bulletin: IBM Sterling B2B Integrator is vulnerable to cross-site scripting (CVE-2023-32340 CVE-2023-50309)
Summary IBM Sterling B2B Integrator is vulnerable to cross-site scripting. Vulnerability Details CVEID:CVE-2023-32340 DESCRIPTION: IBM Sterling B2B Integrator is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the...
Security Bulletin: IBM Sterling B2B Integrator is vulnerable to information disclosure
Summary IBM Sterling B2B Integrator is vulnerable to information disclosure. Vulnerability Details CVEID:CVE-2024-27263 DESCRIPTION: IBM Sterling B2B Integrator could allow an authenticated user to obtain sensitive information from the dashboard UI using man in the middle techniques. CWE:CWE-300...
Security Bulletin: IBM B2B Sterling Integrator is affected by Fasterxml jackson-databind vulnerability to denial of service
Summary IBM B2B Sterling Integrator is affected by Fasterxml jackson-databind vulnerability to denial of service Vulnerability Details CVEID:CVE-2023-35116 DESCRIPTION: Fasterxml jackson-databind is vulnerable to a denial of service, caused by a stack-based overflow. By persuading a victim to ope...
Security Bulletin: IBM Sterling B2B Integrator is affected by multiple vulnerabilities in Eclipse Jetty
Summary IBM Sterling B2B Integrator is affected by multiple vulnerabilities in Eclipse Jetty Vulnerability Details CVEID:CVE-2023-41900 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to bypass security restrictions, caused by improper authentication validation when using t...
Security Bulletin: IBM B2B Sterling Integrator is vulnerable to information disclosure due to Spring Boot
Summary IBM B2B Sterling Integrator is vulnerable to information disclosure due to Spring Boot Vulnerability Details CVEID:CVE-2023-34055 DESCRIPTION: VMware Tanzu Spring Boot is vulnerable to a denial of service, caused by a flaw when application uses Spring MVC or Spring WebFlux or...
Security Bulletin: Security Vulnerabilities in IBM MQ Affect IBM Sterling B2B Integrator
Summary IBM Sterling B2B Integrator is affected by vulnerabilities in IBM MQ. Vulnerability Details CVEID:CVE-2024-25015 DESCRIPTION: IBM MQ 9.2 LTS, 9.3 LTS, and 9.3 CD Internet Pass-Thru could allow a remote user to cause a denial of service by sending HTTP requests that would consume all...
PT-2024-10279 · Ibm · Ibm Sterling Secure Proxy
Name of the Vulnerable Software and Affected Versions: IBM Sterling Secure Proxy versions 6.0.0.0 through 6.2.0.0 Description: The issue is related to improper validation of a specified type of input, which can allow a privileged user to inject commands into the underlying operating system. This...
Security Bulletin: B2B API of IBM Sterling B2B Integrator is vulnerable to denial of service due to json-path (CVE-2023-51074)
Summary B2B API of IBM Sterling B2B Integrator is vulnerable to denial of service due to json-path CVE-2023-51074. IBM Sterling B2B Integrator has remediated this vulnerability; follow steps identified in Remediation/Fixes section to address vulnerability in your environment. Vulnerability Details...
Security Bulletin: IBM Sterling B2B Integrator Document Service container vulnerable to multiple issues due to Apache Tomcat
Summary IBM Sterling B2B Integrator's Document Service container uses Apache Tomcat. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-46589 DESCRIPTION: Apache Tomcat is vulnerable to HTTP request smuggling, caused by improper parsin...
Security Bulletin: IBM Sterling B2B Integrator dashboard is vulnerable to cross-site request forgery (CVE-2022-35638)
Summary IBM Sterling B2B Integrator has addressed the cross-site request forgery security vulnerability within dashboard. Vulnerability Details CVEID: CVE-2022-35638 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition is vulnerable to cross-site request forgery which could allow an attacker...
Security Bulletin: IBM UrbanCode Deploy (UCD) is vulnerable to cross-site scripting (CVE-2022-46771)
Summary IBM UrbanCode Deploy UCD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. Vulnerability Details...
CVE-2022-35716
IBM UrbanCode Deploy UCD 6.2.0.0 through 6.2.7.16, 7.0.0.0 through 7.0.5.11, 7.1.0.0 through 7.1.2.7, and 7.2.0.0 through 7.2.3.0 could allow an authenticated user to obtain sensitive information in some instances due to improper security checking. IBM X-Force ID: 231360...
Security Bulletin: IBM Sterling Control Center is vulnerable to remote attack on MQXR service due to IBM WebSphere MQ (CVE-2015-4943)
Summary IBM WebSphere MQ is used by IBM Sterling Control Center. IBM WebSphere MQ could allow a remote attacker to crash the MQXR service, and the issue has been addressed. Vulnerability Details CVEID: CVE-2015-4943 DESCRIPTION: IBM WebSphere MQ could allow a remote attacker to crash the MQXR...
Security Bulletin: IBM Sterling Control Center is vulnerable to a denial of service vulnerability due to Apache Xerces2 Java XML Parser (CVE-2022-23437)
Summary Apache Xerces2 Java XML Parser is used by IBM Sterling Control Center. A denial of service vulnerability in Apache Xerces2 Java XML Parser has been addressed. Vulnerability Details CVEID: CVE-2022-23437 DESCRIPTION: Apache Xerces2 Java XML Parser is vulnerable to a denial of service, caus...
Security Bulletin: A vulnerability in Java SE affects IBM Control Center (CVE-2021-35578)
Summary A maliciously crafted TLS 1.3 ClientHello packet can trigger a NullPointerException and an SSLException instead of being rejected gracefully. The fix ensures that the invalid data is rejected gracefully. Vulnerability Details CVEID: CVE-2021-35578 DESCRIPTION: An unspecified vulnerability ...