Security Bulletin: IBM Sterling B2B Integrator is vulnerable to information disclosure due to Apache Commons Codec (177835)

Summary IBM Sterling B2B Integrator uses Apache Commons Codec. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details IBM X-Force ID: 177835 DESCRIPTION: Apache Commons Codec could allow a remote attacker to obtain sensitive information, caused by the...

Security Bulletin: IBM B2B Sterling Integrator is affected by Apache MINA SSHD vulnerability to information disclosure (CVE-2023-35887)

Summary IBM B2B Sterling Integrator is affected by Apache MINA SSHD vulnerability to information disclosure. Vulnerability Details CVEID:CVE-2023-35887 DESCRIPTION: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA. In SFTP servers...

Security Bulletin: IBM Sterling B2B Integrator - The Document Service Container in IBM Sterling B2B Integrator is vulnerable to denial of service due to jackson-core (256137)

Summary The Document Service Container in IBM Sterling B2B Integrator is vulnerable to a denial of service due to jackson-core 256137. IBM Sterling B2B Integrator has addressed the vulnerabilty in the Remediation/Fixes section of this bulletin. Vulnerability Details IBM X-Force ID: 256137...

Security Bulletin: B2B API of IBM Sterling B2B Integrator is vulnearble to denial of service due to json-path (CVE-2023-51074)

Summary B2B API of IBM Sterling B2B Integrator is vulnearble to denial of service due to json-path CVE-2023-51074. IBM Sterling B2B Integrator has remediated this vulnerabilty; Follow steps identified in Remediation/Fixes section to address vulnerability in your environment. Vulnerability Details...

Security Bulletin: B2B API of IBM Sterling B2B Integrator is vulnerable to information disclosure due to Springfox Swagger (CVE-2019-17495)

Summary IBM Sterling B2B Integrator uses Springfox Swagger. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2019-17495 DESCRIPTION: Swagger UI could allow a remote attacker to obtain sensitive information, caused by a CSS injection flaw. ...

Security Bulletin: IBM Sterling B2B Integrator vulnerable to denial of service due to snappy-java (CVE-2023-43642)

Summary IBM Sterling B2B Integrator uses snappy-java. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-43642 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by missing upper bound check on chunk length. By sendin...

Security Bulletin: IBM Sterling B2B Integrator vulnerable to security bypass due to Apache Santuario XML Security for Java (CVE-2021-40690)

Summary IBM Sterling B2B Integrator uses Apache Santuario XML Security for Java. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2021-40690 DESCRIPTION: Apache Santuario XML Security for Java could allow a remote attacker to bypass securi...

Security Bulletin: IBM Sterling B2B Integrator is vulnerable to cross-site scripting (CVE-2024-22357)

Summary This bulletin identifies the steps to take to address a cross-site scripting vulnerability within IBM Sterling B2B Integrator. Vulnerability Details CVEID:CVE-2024-22357 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition is vulnerable to cross-site scripting. This vulnerability...

Security Bulletin: IBM Sterling B2B Integrator is vulnerable to information disclosure due to OWASP ESAPI (CVE-2010-3300)

Summary IBM Sterling B2B Integrator uses OWASP ESAPI. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2010-3300 DESCRIPTION: OWASP ESAPI for Java could allow a remote attacker to obtain sensitive information, caused by a padding oracle...

Security Bulletin: IBM Sterling B2B Integrator affected by vulnerabilities due to Eclipse Jetty (CVE-2023-26048, CVE-2023-26049)

Summary IBM Sterling B2B Integrator uses Eclipse Jetty. Vulnerability Details CVEID:CVE-2023-26048 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an out of memory flaw in the HttpServletRequest.getParameter or HttpServletRequest.getParts function. By sending a speciall...

Security Bulletin: IBM Sterling B2B Integrator is vulnerable to information disclosure (CVE-2023-25682)

Summary An information disclosure security vulnerabilty has been addressed in IBM Sterling B2B Integrator. Vulnerability Details CVEID: CVE-2023-25682 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition stores potentially sensitive information in log files that could be read by a local user...

Security Bulletin: IBM Sterling B2B Integrator is affected by vulnerability in JDOM (CVE-2021-33813)

Summary IBM Sterling B2B Integrator uses JDOM. Vulnerability Details CVEID: CVE-2021-33813 DESCRIPTION: JDOM is vulnerable to a denial of service, caused by an XXE issue in SAXBuilder. By sending a specially-crafted HTTP request, a remote attacker could exploit this vulnerability to cause the a...

Security Bulletin: IBM Sterling Global Mailbox is vulnerable to denial of service due to WebSphere Liberty Server ( CVE-2022-3509, CVE-2022-3171)

Summary A security vulnerability has been identified and addressed in WebSphere Liberty Server shipped with IBM Sterling Global Mailbox. Vulnerability Details CVEID:CVE-2022-3509 DESCRIPTION: protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the parsing...

Security Bulletin: IBM Sterling Global Mailbox is vulnerable to sensitive data exposure due to Apache CXF (CVE-2022-46363)

Summary A security vulnerability has been identified and addressed in Apache CXF shipped with IBM Sterling Global Mailbox. Vulnerability Details CVEID:CVE-2022-46363 DESCRIPTION: Apache CXF could allow a remote attacker to obtain sensitive information, caused by a flaw when the CXFServlet is...

Security Bulletin: IBM Sterling B2B Integrator is vulnerable to denial of service due to Spring Framework (CVE-2022-22970)

Summary IBM Sterling B2B Integrator has addressed the denial of service security vulnerability in Spring Framework shipped with the product. Vulnerability Details CVEID:CVE-2022-22970 DESCRIPTION: Vmware Tanzu Spring Framework is vulnerable to a denial of service, caused by a flaw in the handling...

Security Bulletin: IBM Sterling B2B Integrator is vulnerable to XML Enternal Entity error due to Apache POI (CVE-2019-12415)

Summary IBM Sterling B2B Integrator has addressed the XXE security vulnerability in Apache POI Vulnerability Details CVEID:CVE-2019-12415 DESCRIPTION: Apache POI could allow a remote attacker to obtain sensitive information, caused by an XML external entity XXE error when processing XML data by...

DEBIAN-CVE-2022-41988

An information disclosure vulnerability exists in the OpenImageIO::decodeiptciim functionality of OpenImageIO Project OpenImageIO v2.3.19.0. A specially-crafted TIFF file can lead to a disclosure of sensitive information. An attacker can provide a malicious file to trigger this vulnerability...

UBUNTU-CVE-2022-41988

An information disclosure vulnerability exists in the OpenImageIO::decodeiptciim functionality of OpenImageIO Project OpenImageIO v2.3.19.0. A specially-crafted TIFF file can lead to a disclosure of sensitive information. An attacker can provide a malicious file to trigger this vulnerability...

Security Bulletin: Apache Log4j Vulnerability Affects IBM Sterling File Gateway (CVE-2021-44228)

Summary IBM Sterling File Gateway is impacted by Log4Shell CVE-2021-44228, through the use of Apache Log4j's JNDI logging feature. Final remediation images published below. As an alternative to the final remediation images, manual mitigation steps are also provided below. Vulnerability Details...

Indian Institute of Management (IIM-B) Bangalore website hacked

Indian Institute of Management IIM-B Bangalore website hacked The website of the Indian Institute of Management-Bangalore has been hijacked by hackers peddling erectile dysfunction products like Viagra. The website, www.iimb.ernet.in, has been out of service for at least ten days. Cached versions...