CVE-2015-0194 — XML External Entity (XXE) Injection in IBM Sterling B2B Integrator

CWE-611 — XML External Entity (XXE) Injection3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.2%

top 58.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Sterling B2B Integrator IBM Sterling File Gateway

Timeline

PublishedAug 2

Latest updateMay 17

Description

XML External Entity (XXE) vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and IBM Sterling File Gateway 2.1 and 2.2 allows remote attackers to read arbitrary files via a crafted XML data.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDibm/sterling_file_gateway2.1, 2.2+1

▶NVDibm/sterling_b2b_integrator5.1, 5.2+1

Patches

Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-gq6v-prpp-39jv: XML External Entity (XXE) vulnerability in IBM Sterling B2B Integrator 5↗2022-05-17

▶

CVEList

CVE-2015-0194: XML External Entity (XXE) vulnerability in IBM Sterling B2B Integrator 5↗2017-08-02

▶