
Security Bulletin: B2B API of IBM Sterling B2B Integrator vulnerable to remote code execution due to Apache Commons BeanUtils (CVE-2014-0114)

Summary

IBM Sterling B2B Integrator uses Apache Commons BeanUtils. This bulletin identifies the steps to take to address the vulnerabilities.

Vulnerability Details

CVEID: CVE-2014-0114
DESCRIPTION: Apache Commons BeanUtils, as distributed in lib/commons-beanutils in Apache Struts, could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the setting of Class Loader attributes. By using the class parameter of an ActionForm object, an attacker could exploit this vulnerability to manipulate the ClassLoader and execute arbitrary code on the system.
CVSS Base score: 6.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/92889 for the current score.
CVSS Vector:

Affected Products and Versions

| Affected Product(s) | Version(s) |
|---|---|
| IBM Sterling B2B Integrator | 6.0.0.0 – 6.0.3.9 |
| IBM Sterling B2B Integrator | 6.1.0.0 – 6.1.2.3 |
| IBM Sterling B2B Integrator | 6.2.0.0 |

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now.

| Product | Version | Remediation & Fix |
|---|---|---|
| IBM Sterling B2B Integrator | 6.0.0.0 – 6.0.3.9 | Apply B2BI 6.1.2.5 or 6.2.0.1 |
| IBM Sterling B2B Integrator | 6.1.0.0 – 6.1.2.3 | Apply B2BI 6.1.2.5 or 6.2.0.1 |
| IBM Sterling B2B Integrator | 6.2.0.0 | Apply B2BI 6.2.0.1 |

The IIM versions of 6.1.2.5 and 6.2.0.1 are available on Fix Central. The container versions of 6.1.2.5 and 6.2.0.1 are available in IBM Entitled Registry.

Workarounds and Mitigations…
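The description above turns on one detail: BeanUtils bean introspection exposes the JavaBean `class` property, so a nested property path supplied as a request parameter can walk from the form bean into its `ClassLoader`. The example below is added here and is not IBM's or Apache's own code. It shows the check a reviewer can run against a `BeanUtilsBean` instance (does introspection report a `class` property?) and the standard way to close it in application code that cannot yet move to a fixed product build: registering `SuppressPropertiesBeanIntrospector.SUPPRESS_CLASS`, which commons-beanutils added in 1.9.2 and turns on by default from 1.9.4. `OrderForm`, the parameter names and values are constructed for the example and stand in for a Struts `ActionForm` and an incoming request.

```java
import java.beans.PropertyDescriptor;
import java.util.HashMap;
import java.util.Map;
import org.apache.commons.beanutils.BeanUtilsBean;
import org.apache.commons.beanutils.SuppressPropertiesBeanIntrospector;

public class HardenedBeanPopulation {

    // Hypothetical form bean, standing in for a Struts ActionForm.
    public static class OrderForm {
        private String customer;
        public String getCustomer() { return customer; }
        public void setCustomer(String customer) { this.customer = customer; }
    }

    // BeanUtilsBean configured so introspection never reports a "class"
    // property; a nested path such as class.classLoader.* then has nothing
    // to resolve against and cannot reach the ClassLoader.
    static BeanUtilsBean hardenedBeanUtils() {
        BeanUtilsBean utils = new BeanUtilsBean();
        utils.getPropertyUtils()
             .addBeanIntrospector(SuppressPropertiesBeanIntrospector.SUPPRESS_CLASS);
        return utils;
    }

    // The review check: does this BeanUtilsBean expose "class" on the bean?
    static boolean classPropertyExposed(BeanUtilsBean utils, Object bean) throws Exception {
        PropertyDescriptor d = utils.getPropertyUtils().getPropertyDescriptor(bean, "class");
        return d != null;
    }

    public static void main(String[] args) throws Exception {
        OrderForm form = new OrderForm();

        // Constructed request parameters: one legitimate key and one shaped
        // like the CVE-2014-0114 vector (a nested path through "class").
        // The value is inert; only the key shape matters for this demo.
        Map<String, Object> params = new HashMap<>();
        params.put("customer", "acme");
        params.put("class.classLoader.attribute", "x");

        BeanUtilsBean plain = new BeanUtilsBean();
        BeanUtilsBean hardened = hardenedBeanUtils();

        // Expect true on releases before 1.9.4, false once SUPPRESS_CLASS is the default.
        System.out.println("default introspection exposes 'class': "
                + classPropertyExposed(plain, form));
        // Expect false regardless of release.
        System.out.println("hardened introspection exposes 'class': "
                + classPropertyExposed(hardened, form));

        // With "class" hidden, populate() applies the legitimate key; the
        // hostile key finds no property to resolve. Whether it is skipped
        // silently or reported as an exception depends on the BeanUtils
        // release, so both outcomes are handled here.
        try {
            hardened.populate(form, params);
            System.out.println("populate completed, customer=" + form.getCustomer());
        } catch (Exception e) {
            System.out.println("hostile key rejected: " + e.getMessage());
        }
    }
}
```

The descriptor check is the part worth keeping in a regression test: if any code path builds its own `BeanUtilsBean` or `PropertyUtilsBean` without the introspector, `classPropertyExposed` returns true for it and the nested `class.*` path is reachable again. Applying the fix levels in the table above remains the remediation for the product itself; this is the application-side equivalent of the same restriction.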
