PT-2017-6434 · Ibm · Ibm Sterling File Gateway+1

Publicado

2017-08-02

Atualizado

2017-08-14

CVE-2015-0194

CVSS v2.0

4.0

Média

Vetor

AV:N/AC:L/Au:S/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions IBM Sterling B2B Integrator versions 5.1 through 5.2 IBM Sterling File Gateway versions 2.1 through 2.2

Description The issue allows remote attackers to read arbitrary files via a crafted XML data, exploiting an XML External Entity (XXE) vulnerability.

Recommendations For IBM Sterling B2B Integrator versions 5.1 through 5.2, update to a version that includes a fix for this issue. For IBM Sterling File Gateway versions 2.1 through 2.2, update to a version that includes a fix for this issue.

Correção

XXE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-611

Identificadores relacionados

CVE-2015-0194

Produtos afetados

Ibm Sterling B2B Integrator

Ibm Sterling File Gateway

PT-2017-6434 · Ibm · Ibm Sterling File Gateway+1

CVE-2015-0194

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4