Summary

IBM B2B Sterling Integrator is vulnerable to information disclosure due to Apache Santuario.

Vulnerability Details

CVEID: CVE-2023-44483
DESCRIPTION: Apache Santuario could allow a remote authenticated attacker to obtain sensitive information, caused by the storage of a private key in the log files when using the JSR 105 API. By gaining access to the log files, an attacker could exploit this vulnerability to obtain the private key information, and use this information to launch further attacks against the affected system.
CWE: CWE-532: Insertion of Sensitive Information into Log File
CVSS Source: IBM X-Force
CVSS Base score: 6.5
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s) | Version(s)
--- | ---
IBM Sterling B2B Integrator | 6.0.0.0 – 6.1.2.5
IBM Sterling B2B Integrator | 6.2.0.0

Remediation/Fixes

Product | Version | APAR | Remediation & Fix
--- | --- | --- | ---
IBM Sterling B2B Integrator | 6.0.0.0 – 6.1.2.5 | IT45450 | Apply B2BI 6.1.2.6 or 6.2.0.3
IBM Sterling B2B Integrator | 6.2.0.0 | IT45450 | Apply B2BI 6.2.0.3

The IIM versions of 6.1.2.6 and 6.2.0.3 are available on Fix Central. The container versions of 6.1.2.6 and 6.2.0.3 are available in IBM Entitled Registry.

Workarounds and Mitigations…