PT-2015-2718 · IBM · Sterling B2B Integrator+1

Published: 2015-11-08 · Updated: 2015-11-09 · CVE-2015-5019

CVSS v2.0: 5.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

IBM Sterling Integrator versions 5.1 before 5010004 8
Sterling B2B Integrator versions 5.2 before 5020500 9

Description

The issue is related to inadequate access control in certain functions of the IBM Sterling B2B Integrator, allowing remote authenticated users to read or upload files by leveraging a password-change requirement. This can be exploited by a remote attacker to access files.

Recommendations

For IBM Sterling Integrator version 5.1 before 5010004 8, update to version 5010004 8 or later. For Sterling B2B Integrator version 5.2 before 5020500 9, update to version 5020500 9 or later. As a temporary workaround, consider restricting access to the password-change mechanism until a patch is available.

Fix

Weakness Enumeration

Related Identifiers

BDU:2015-12083
CVE-2015-5019

Affected Products

IBM Sterling Integrator
Sterling B2B Integrator