Summary IBM Sterling B2B Integrator uses IBM WebSphere Application Server Liberty. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details ** CVEID: CVE-2023-46158 DESCRIPTION: **IBM WebSphere Application Server Liberty 23.0.0.9 through 23.0.0.10 could provide weaker than expected security due to improper resource expiration handling. IBM X-Force ID: 268775. CVSS Base score: 4.9 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268775 for the current score. CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L) Affected Products and Versions Affected Product(s)| Version(s) —|— IBM Sterling B2B Integrator| 6.0.0.0 – 6.0.3.9 IBM Sterling B2B Integrator| 6.1.0.0 – 6.1.2.3 IBM Sterling B2B Integrator| 6.2.0.0 Remediation/Fixes IBM strongly recommends addressing the vulnerability now. Product| Version| Remediation & Fix —|—|— IBM Sterling B2B Integrator| 6.0.0.0 – 6.0.3.9| Apply B2BI 6.1.2.5 or 6.2.0.1 IBM Sterling B2B Integrator| 6.1.0.0 – 6.1.2.3| Apply B2BI 6.1.2.5 or 6.2.0.1 IBM Sterling B2B Integrator| 6.2.0.0| Apply B2BI 6.2.0.1 The IIM versions of 6.1.2.5 and 6.2.0.1 are available on Fix Central. The container version of 6.1.2.5 and 6.2.0.1 are available in IBM Entitled Registry. Workarounds and Mitigations…Read More