Ibm Sterling Integrator vulnerabilities

CVE-2015-7450 [CRITICAL] CWE-502 CVE-2015-7450: Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastruct Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerTransformer class in the Apache Commons Collections library.

CVE-2015-5019 [MEDIUM] CWE-264 CVE-2015-5019: IBM Sterling Integrator 5.1 before 5010004_8 and Sterling B2B Integrator 5.2 before 5020500_9 allow IBM Sterling Integrator 5.1 before 5010004_8 and Sterling B2B Integrator 5.2 before 5020500_9 allow remote authenticated users to read or upload files by leveraging a password-change requirement.

CVE-2012-5937 [CRITICAL] CVE-2012-5937: Unspecified vulnerability in the CLA2 server in IBM Gentran Integration Suite 4.3, Sterling Integrat Unspecified vulnerability in the CLA2 server in IBM Gentran Integration Suite 4.3, Sterling Integrator 5.0 and 5.1, and Sterling B2B Integrator 5.2, as used in IBM Sterling File Gateway 1.1 through 2.2 and other products, allows remote attackers to execute arbitrary commands via unknown vectors.