IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and 6.1.0.0 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code with SYSTEM privileges. IBM X-Force ID: 172452.
References
| Link | Resource |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/172452 | VDB Entry Vendor Advisory |
| https://www.ibm.com/support/pages/node/6396172 | Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
History
07 Jan 2021, 21:41
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-502 | |
| CVSS |
v2 : v3 : |
v2 : 9.0
v3 : 8.8 |
| References | (CONFIRM) https://www.ibm.com/support/pages/node/6396172 - Vendor Advisory | |
| References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/172452 - VDB Entry, Vendor Advisory | |
| CPE | cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:* cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:standard:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:*:*:*:*:standard:*:*:* cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:* cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:* |
05 Jan 2021, 16:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2021-01-05 15:15
Updated : 2023-12-10 13:41
NVD link : CVE-2019-4728
Mitre link : CVE-2019-4728
CVE.ORG link : CVE-2019-4728
JSON object : View
Products Affected
ibm
- i
- sterling_b2b_integrator
- aix
oracle
- solaris
linux
- linux_kernel
microsoft
- windows
hp
- hp-ux
CWE
CWE-502
Deserialization of Untrusted Data