CVE-2019-4728 — Deserialization of Untrusted Data in IBM Sterling B2B Integrator

CWE-502 — Deserialization of Untrusted Data3 documents3 sources

Severity

8.8HIGHNVD

EPSS

16.3%

top 5.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Sterling B2B Integrator

Timeline

PublishedJan 5

Latest updateMay 24

Description

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and 6.1.0.0 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code with SYSTEM privileges. IBM X-Force ID: 172452.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDibm/sterling_b2b_integrator5.2.0.0 — 5.2.6.5_2+2

▶CVEListV5ibm/sterling_b2b_integrator5 versions+4

🔴Vulnerability Details

GHSA

GHSA-79pm-w7jm-jv2r: IBM Sterling B2B Integrator Standard Edition 5↗2022-05-24

▶

CVEList

CVE-2019-4728: IBM Sterling B2B Integrator Standard Edition 5↗2021-01-05

▶