CVE-2019-4728

Name of the Vulnerable Software and Affected Versions IBM Sterling B2B Integrator Standard Edition versions 5.2.0.0 through 5.2.6.5 2 IBM Sterling B2B Integrator Standard Edition versions 6.0.0.0 through 6.0.3.2 IBM Sterling B2B Integrator Standard Edition version 6.1.0.0

Description The issue is caused by the deserialization of untrusted data, allowing a remote attacker to execute arbitrary code on the system. By sending a specially crafted request, an attacker could exploit this to execute arbitrary code with SYSTEM privileges.

Recommendations For IBM Sterling B2B Integrator Standard Edition versions 5.2.0.0 through 5.2.6.5 2, update to a version that includes a fix for the deserialization of untrusted data vulnerability. For IBM Sterling B2B Integrator Standard Edition versions 6.0.0.0 through 6.0.3.2, update to a version that includes a fix for the deserialization of untrusted data vulnerability. For IBM Sterling B2B Integrator Standard Edition version 6.1.0.0, update to a version that includes a fix for the deserialization of untrusted data vulnerability. As a temporary workaround, consider restricting access to the system to minimize the risk of exploitation.