Summary IBM B2B Sterling Integrator is affected by Apache Axis vulnerability to server-side request forgery. Vulnerability Details CVEID:CVE-2023-51441 DESCRIPTION: Apache Axis is vulnerable to server-side request forgery, caused by a improper input validation by the service admin HTTP API. By sending a specially crafted request, an attacker could exploit this vulnerability to conduct SSRF attack. CWE:CWE-918: Server-Side Request Forgery (SSRF) CVSS Source: IBM X-Force CVSS Base score: 7.5 CVSS Vector:(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) Affected Products and Versions Affected Product(s)| Version(s) —|— IBM Sterling B2B Integrator| 6.0.0.0 – 6.1.2.5 IBM Sterling B2B Integrator| 6.2.0.0 Remediation/Fixes Product| Version| APAR| Remediation & Fix —|—|—|— IBM Sterling B2B Integrator| 6.0.0.0 – 6.1.2.5| IT46849| Apply B2BI 6.1.2.6 or 6.2.0.3 IBM Sterling B2B Integrator| 6.2.0.0| IT46849| Apply B2BI 6.2.0.3 The IIM versions of 6.1.2.6 and 6.2.0.3 are available on Fix Central. The container version of 6.1.2.6 and 6.2.0.3 are available in IBM Entitled Registry. Workarounds and Mitigations…Read More
