ESB-2018.2543 - [Win][Linux][IBM i][HP-UX][Solaris][AIX] IBM Sterling B2B Integrator: Multiple vulnerabilities 2018-08-28


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.2543
          Multiple Vulnerabilities in IBM Sterling B2B Integrator
                              28 August 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM Sterling B2B Integrator
Publisher:         IBM
Operating System:  AIX
                   HP-UX
                   IBM i
                   Linux variants
                   Solaris
                   Windows
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated      
                   Denial of Service               -- Remote/Unauthenticated      
                   Cross-site Scripting            -- Remote with User Interaction
                   Provide Misleading Information  -- Remote/Unauthenticated      
                   Access Confidential Data        -- Remote/Unauthenticated      
                   Unauthorised Access             -- Remote/Unauthenticated      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-12538 CVE-2018-12536 CVE-2018-5429
                   CVE-2017-7658 CVE-2017-7657 CVE-2017-7656
                   CVE-2016-2171 CVE-2016-0712 CVE-2016-0711
                   CVE-2016-0710 CVE-2016-0709 CVE-2015-5254
                   CVE-2014-3600 CVE-2014-3596 CVE-2014-3576
                   CVE-2012-5784 CVE-2011-5034 CVE-2011-4905
                   CVE-2008-0732 CVE-2007-5797 CVE-2007-4548
                   CVE-2006-0254  

Reference:         ASB-2017.0169
                   ASB-2017.0104.2
                   ESB-2017.2415
                   ESB-2016.0456
                   ESB-2015.1317

Original Bulletin: 
   https://www.ibm.com/support/docview.wss?uid=ibm10728833
   https://www.ibm.com/support/docview.wss?uid=ibm10728839
   https://www.ibm.com/support/docview.wss?uid=ibm10728841
   https://www.ibm.com/support/docview.wss?uid=ibm10728893
   https://www.ibm.com/support/docview.wss?uid=ibm10728823
   https://www.ibm.com/support/docview.wss?uid=ibm10728825

Comment: This bulletin contains six (6) IBM security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

Security Bulletin: Multiple Security Vulnerabilities in ActiveMQ Affect IBM
Sterling B2B Integrator

Software version: 5.2.0.1 - 5.2.6.3

Operating system(s): AIX, HP-UX, IBM i, Linux, Solaris, Windows

Reference #: 0728833

Modified date: 27 August 2018

Security Bulletin

Summary

There are multiple security vulnerabilities in ActiveMQ that affect IBM
Sterling B2B Integrator.

Vulnerability Details

CVEID:  CVE-2011-4905
DESCRIPTION:  Apache ActiveMQ is vulnerable to a denial of service, caused by
an error in the failover mechanism when handling an openwire connection
request. By sending a specially-crafted request, a remote attacker could
exploit this vulnerability to cause the broker service to crash.
CVSS Base Score: 5
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/71620 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID:  CVE-2012-5784
DESCRIPTION:  Apache Axis 1.4, as used in multiple products, could allow a
remote attacker to conduct spoofing attacks, caused by the failure to verify
that the server hostname matches a domain name in the subject's Common Name
(CN) field of the X.509 certificate. An attacker could exploit this
vulnerability using man-in-the-middle techniques to spoof an SSL server and
launch further attacks against a vulnerable target.
CVSS Base Score: 4.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/79829 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVEID:  CVE-2014-3576
DESCRIPTION:  Apache ActiveMQ is vulnerable to a denial of service, caused by
an error in the processControlCommand function in
broker/TransportConnection.java. A remote attacker could use the shutdown
command to shutdown the service.
CVSS Base Score: 7.5
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/107290 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:  CVE-2014-3600
DESCRIPTION:  Apache ActiveMQ could allow a remote attacker to obtain sensitive
information, caused by an XML External Entity Injection (XXE) error when
processing XML data. By sending specially-crafted XML data to specify an XPath
based selector, an attacker could exploit this vulnerability to obtain
sensitive information.
CVSS Base Score: 5
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/100722 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID:  CVE-2015-5254
DESCRIPTION:  Apache ActiveMQ could allow a remote attacker to execute
arbitrary code on the system, caused by the failure to restrict the classes
that can be serialized in the broker. An attacker could exploit this
vulnerability using a specially crafted serialized Java Message Service (JMS)
ObjectMessage object to execute arbitrary code on the system.
CVSS Base Score: 7.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/109632 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

IBM Sterling B2B Integrator 5.2.0.1 - 5.2.6.3

Remediation/Fixes

+----------------------------+------------------------------------------------+
|PRODUCT & Version           |Remediation/Fix                                 |
+----------------------------+------------------------------------------------+
|IBM Sterling B2B Integrator |Apply IBM Sterling B2B Integrator version       |
|5.2.0.1 - 5.2.6.3           |6.0.0.0 available on Fix Central                |
+----------------------------+------------------------------------------------+

Workarounds and Mitigations

None

Related Information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Change History

24 August 2018: Original version published

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF
ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

- -------------------------------------------------------------------------------

Security Bulletin: Multiple Security Vulnerabilities in Apache Axis Affect IBM
Sterling B2B Integrator (CVE-2014-3596, CVE-2012-5784)

Software version: 5.2.0.1 - 5.2.6.3

Operating system(s): AIX, HP-UX, IBM i, Linux, Solaris, Windows

Reference #: 0728839

Modified date: 27 August 2018

Security Bulletin

Summary

IBM Sterling B2B Integrator uses ActiveMQ. ActiveMQ uses Axis and is
vulnerable.

Vulnerability Details

CVEID:  CVE-2012-5784
DESCRIPTION:  Apache Axis 1.4, as used in multiple products, could allow a
remote attacker to conduct spoofing attacks, caused by the failure to verify
that the server hostname matches a domain name in the subject's Common Name
(CN) field of the X.509 certificate. An attacker could exploit this
vulnerability using man-in-the-middle techniques to spoof an SSL server and
launch further attacks against a vulnerable target.
CVSS Base Score: 4.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/79829 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVEID:  CVE-2014-3596
DESCRIPTION:  Apache Axis and Axis2 could allow a remote attacker to conduct
spoofing attacks, caused by an incomplete fix related to the failure to verify
that the server hostname matches a domain name in the subject's Common Name
(CN) field of the X.509 certificate. By persuading a victim to visit a Web site
containing a specially-crafted certificate, an attacker could exploit this
vulnerability using man-in-the-middle techniques to spoof an SSL server.
CVSS Base Score: 4.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/95377 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
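
The two Axis entries above (and the CVE-2012-5784 entry in the ActiveMQ
bulletin) describe the same missing step: the client never checks that the
name it connected to appears in the server's certificate, so any certificate
that chains to a trusted CA is accepted for any host. The Python function
below is added here as an illustration; it is not code from IBM, Apache Axis
or ActiveMQ. The certificate dictionaries are constructed samples in the
shape Python's ssl.SSLSocket.getpeercert() returns, not real certificates.

```python
"""Hostname verification for an X.509 server certificate.

Added example, not code from IBM or Apache Axis. The certificate
dictionaries are constructed to mirror the shape that Python's
ssl.SSLSocket.getpeercert() returns; they are not real certificates.
"""


def dns_name_matches(pattern: str, hostname: str) -> bool:
    """Match one certificate DNS name (CN or SAN dNSName) against a hostname.

    Rules applied, in the spirit of RFC 6125: case-insensitive comparison;
    a wildcard is accepted only as the whole left-most label; it matches
    exactly one label; and it is refused for names with fewer than three
    labels, so '*.com' can never match 'example.com'.
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" in hostname:
        return False  # a hostname is never a pattern
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if (p_labels[0] != "*" or len(p_labels) < 3
            or any("*" in label for label in p_labels[1:])):
        return False
    return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]


def cert_matches_hostname(cert: dict, hostname: str) -> bool:
    """Return True only if `cert` was issued for `hostname`.

    subjectAltName dNSName entries are authoritative. The subject Common
    Name is consulted only when the certificate has no dNSName at all.
    A client that skips this step (the Axis defect described above)
    accepts any certificate its trust store chains, for any host.
    """
    san_dns = [value for kind, value in cert.get("subjectAltName", ())
               if kind == "DNS"]
    if san_dns:
        return any(dns_name_matches(name, hostname) for name in san_dns)
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return dns_name_matches(value, hostname)
    return False


# Constructed sample certificates (getpeercert() shape, not real certs).
CERT_WITH_SAN = {
    "subject": ((("commonName", "legacy.example.net"),),),
    "subjectAltName": (("DNS", "api.example.com"),
                       ("DNS", "*.svc.example.com")),
}
CERT_CN_ONLY = {
    "subject": ((("countryName", "AU"),),
                (("commonName", "b2b.example.org"),)),
}
```

In current Python, ssl.create_default_context() enables check_hostname and
performs this comparison during the handshake; the function above makes the
rule visible, which is what you need when auditing a client library that
builds its own SSL socket and may have left the step out.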

Affected Products and Versions

IBM Sterling B2B Integrator 5.2.0.1 - 5.2.6.3

Remediation/Fixes

+----------------------------+------------------------------------------------+
|PRODUCT & Version           |Remediation/Fix                                 |
+----------------------------+------------------------------------------------+
|IBM Sterling B2B Integrator |Apply IBM Sterling B2B Integrator version       |
|5.2.0.1 - 5.2.6.3           |6.0.0.0 available on Fix Central                |
+----------------------------+------------------------------------------------+

Workarounds and Mitigations

None

Related Information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Change History

24 August 2018: Original version published

- -------------------------------------------------------------------------------

Security Bulletin: Multiple Security Vulnerabilities in Apache Geronimo Affect
IBM Sterling B2B Integrator

Software version: 5.2.0.1 - 5.2.6.3

Operating system(s): AIX, HP-UX, IBM i, Linux, Solaris, Windows

Reference #: 0728841

Modified date: 27 August 2018

Security Bulletin

Summary

Multiple Security Vulnerabilities in Apache Geronimo Affect IBM Sterling B2B
Integrator.

Vulnerability Details

CVEID:  CVE-2008-0732
DESCRIPTION:  Apache Geronimo could allow a local attacker to obtain sensitive
information, caused by the init script following symlinks during a chown
operation. A local attacker could exploit this vulnerability and gain
unauthorized access to files and directories to obtain sensitive information.
CVSS Base Score: 2.1
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/40562 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N)

CVEID:  CVE-2011-5034
DESCRIPTION:  Apache Geronimo is vulnerable to a denial of service, caused by
insufficient randomization of hash data structures. By sending multiple
specially-crafted HTTP POST requests to an affected application containing
conflicting hash key values, a remote attacker could exploit this vulnerability
to cause the consumption of CPU resources.
CVSS Base Score: 5
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/72047 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID:  CVE-2006-0254
DESCRIPTION:  Apache Geronimo is vulnerable to cross-site scripting, caused by
improper validation of HTML tags by the Web-Access-Log Viewer. A remote
attacker could exploit this vulnerability using a specially-crafted HTTP
request to embed malicious script within the log file which, once the log file
is viewed, would be executed in the administrator's Web browser within the
security context of the hosting Web site, allowing the attacker to steal the
victim's cookie-based authentication credentials.
CVSS Base Score: 2.8
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/24159 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: ()

CVEID:  CVE-2007-5797
DESCRIPTION:  Apache Geronimo could allow a remote attacker to bypass security
restrictions, caused by an error in the SQLLoginModule during the
authentication process. By logging into the database with a non-existent
username, a remote attacker could exploit this vulnerability to bypass
authentication and gain unauthorized access to the vulnerable system. Note: The
IBM WebSphere Application Server Community Edition is also affected by this
vulnerability.
CVSS Base Score: 7.5
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/38211 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVEID:  CVE-2007-4548
DESCRIPTION:  Apache Geronimo could allow a remote attacker to bypass security
restrictions, caused by the login method in LoginModule implementations failing
to throw an exception for failed logins. A remote attacker could exploit this
vulnerability to bypass authentication and send a null username and password in
the command line deployer of the deployment module to gain unauthorized access
to the vulnerable system.
CVSS Base Score: 7
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/36468 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: ()
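
CVE-2007-5797 and CVE-2007-4548 above are both login paths that fail open:
one accepts a username that does not exist, the other lets a null username
and password through because a failed login returns instead of throwing. The
Python sketch below is added here and is not code from IBM or Apache
Geronimo; it shows a login routine that closes both paths. The user store is
a constructed in-memory dictionary and the hashing parameters are
illustrative.

```python
"""Fail-closed authentication.

Added example, not code from IBM or Apache Geronimo. The user store is a
constructed in-memory dictionary, and the password hashing parameters are
illustrative.
"""
import hashlib
import hmac
import os


class AuthenticationError(Exception):
    """Raised on every failed login. Callers must not rely on a boolean."""


_ITERATIONS = 50_000  # illustrative; tune for the deployment


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               _ITERATIONS)


def make_user_record(password: str) -> dict:
    """Create a stored credential: random salt plus PBKDF2 hash."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": _derive(password, salt)}


# Dummy record used when the username does not exist, so an unknown user
# costs the same work as a wrong password (no user-enumeration timing hint).
_DUMMY_SALT = bytes(16)
_DUMMY_HASH = _derive("dummy-password", _DUMMY_SALT)


def login(users: dict, username, password) -> str:
    """Authenticate against `users`; return the username or raise.

    Closes the two failure modes the Geronimo entries describe:
    - a null or empty username/password is rejected up front, instead of
      falling through a lookup that finds nothing and a comparison that
      "succeeds" against nothing (the CVE-2007-4548 shape);
    - a username that is not in the store is handled exactly like a wrong
      password: same exception, same amount of work (the CVE-2007-5797
      shape).
    Every failure is an exception, so a caller cannot mistake a silent
    fall-through for success.
    """
    if (not isinstance(username, str) or not isinstance(password, str)
            or not username or not password):
        raise AuthenticationError("credentials required")
    record = users.get(username)
    if record is None:
        hmac.compare_digest(_derive(password, _DUMMY_SALT), _DUMMY_HASH)
        raise AuthenticationError("invalid credentials")
    if not hmac.compare_digest(_derive(password, record["salt"]),
                               record["hash"]):
        raise AuthenticationError("invalid credentials")
    return username


def login_succeeds(users: dict, username, password) -> bool:
    """Verdict-only wrapper; the exception stays the primary interface."""
    try:
        login(users, username, password)
        return True
    except AuthenticationError:
        return False


if __name__ == "__main__":
    store = {"alice": make_user_record("correct horse battery")}
    print(login_succeeds(store, "alice", "correct horse battery"))  # True
    print(login_succeeds(store, "nobody", "anything"))               # False
    print(login_succeeds(store, None, None))                         # False
```

Returning a boolean from login() would re-create the CVE-2007-4548 shape as
soon as one caller forgot to check it; raising keeps the failure impossible
to ignore, and treating an unknown user identically to a bad password is what
removes the CVE-2007-5797 bypass.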

Remediation/Fixes

+----------------------------+------------------------------------------------+
|PRODUCT & Version           |Remediation/Fix                                 |
+----------------------------+------------------------------------------------+
|IBM Sterling B2B Integrator |Apply IBM Sterling B2B Integrator version       |
|5.2.0.1 - 5.2.6.3           |6.0.0.0 available on Fix Central                |
+----------------------------+------------------------------------------------+

Workarounds and Mitigations

None

Related Information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Change History

24 August 2018: Original version published

- -------------------------------------------------------------------------------

Security Bulletin: Multiple Security Vulnerabilities in Jetspeed Affect IBM
Sterling B2B Integrator

Software version: 5.2.0.1 - 5.2.6.3

Operating system(s): AIX, HP-UX, IBM i, Linux, Solaris, Windows

Reference #: 0728893

Modified date: 27 August 2018

Security Bulletin

Summary

There are multiple security vulnerabilities in Jetspeed that affect IBM
Sterling B2B Integrator.

Vulnerability Details

CVEID:  CVE-2016-0711
DESCRIPTION:  Apache Jetspeed is vulnerable to cross-site scripting, caused by
improper validation of user-supplied input by the add a link, page, or folder
functionality. A remote attacker could exploit this vulnerability to inject
malicious script into a Web page which would be executed in a victim's Web
browser within the security context of the hosting Web site, once the page is
viewed. An attacker could use this vulnerability to steal the victim's
cookie-based authentication credentials.
CVSS Base Score: 6.1
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/111887 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID:  CVE-2016-0712
DESCRIPTION:  Apache Jetspeed is vulnerable to cross-site scripting, caused by
improper validation of user-supplied input by the URI path directory. A remote
attacker could exploit this vulnerability using a specially-crafted URL to
execute script in a victim's Web browser within the security context of the
hosting Web site, once the URL is clicked. An attacker could use this
vulnerability to steal the victim's cookie-based authentication credentials.
CVSS Base Score: 6.1
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/111888 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID:  CVE-2016-2171
DESCRIPTION:  Apache Jetspeed could allow a remote attacker to bypass security
restrictions, caused by the failure to restrict access to the User Manager REST
service. An attacker could exploit this vulnerability to gain unauthorized
access to the application.
CVSS Base Score: 5.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/111889 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:  CVE-2016-0710
DESCRIPTION:  Apache Jetspeed is vulnerable to SQL injection. A remote attacker
could send specially-crafted SQL statements to the User Manager service using
the user or role parameter, which could allow the attacker to view, add, modify
or delete information in the back-end database.
CVSS Base Score: 6.5
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/111886 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID:  CVE-2016-0709
DESCRIPTION:  Apache Jetspeed could allow a remote attacker to traverse
directories on the system. An attacker could send a specially-crafted URL
request to the Import/Export function in the Portal Site Manager containing
"dot dot" sequences (/../) in a ZIP archive to upload a .jsp file to write it
to a disk and execute arbitrary code on the system.
CVSS Base Score: 5.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/111885 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
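
CVE-2016-0709 above is the archive-upload form of path traversal: the "/../"
sequence travels in a member name inside the ZIP, not in the request URL,
so a URL-level check never sees it. The Python example below is added here
and is not code from IBM or Apache Jetspeed. It checks every member before
writing anything and refuses the whole archive if any member escapes the
destination directory or carries a server-executable suffix. The archive
contents and the forbidden-suffix list are constructed for the example.

```python
"""Safe extraction of an uploaded ZIP archive.

Added example, not code from IBM or Apache Jetspeed. The archive is
constructed in memory; the forbidden-suffix list is an assumed policy for
an import feature that should never write server-executable files.
"""
import io
import os
import tempfile
import zipfile
from pathlib import Path

# Assumed policy: an import archive must never drop server-side executable
# content. Extend for the container in use.
FORBIDDEN_SUFFIXES = {".jsp", ".jspx", ".war", ".jar"}


def classify_entry(dest: Path, member_name: str) -> str:
    """Return 'ok', 'traversal' or 'forbidden-type' for one archive member.

    Traversal is detected twice on purpose: syntactically (absolute path,
    drive letter, any '..' component, including ones hidden behind
    backslashes) and then by resolving the final path and confirming it is
    still inside `dest`.
    """
    name = member_name.replace("\\", "/")
    parts = name.split("/")
    if name.startswith("/") or os.path.splitdrive(name)[0] or ".." in parts:
        return "traversal"
    dest_resolved = dest.resolve()
    target = (dest_resolved / name).resolve()
    if dest_resolved not in target.parents:
        return "traversal"
    if Path(name).suffix.lower() in FORBIDDEN_SUFFIXES:
        return "forbidden-type"
    return "ok"


def extract_safely(zip_bytes: bytes, dest: Path) -> tuple:
    """Classify every member, then write files only if all are 'ok'.

    Returns (verdict per member, list of member names actually written).
    Nothing is written until the whole archive has been checked, so a bad
    entry late in the archive cannot leave a half-extracted tree behind.
    """
    verdicts = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            verdicts[info.filename] = classify_entry(dest, info.filename)
        if any(v != "ok" for v in verdicts.values()):
            return verdicts, []
        written = []
        for info in zf.infolist():
            if info.is_dir():
                continue
            target = dest.resolve() / info.filename.replace("\\", "/")
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(zf.read(info))
            written.append(info.filename)
    return verdicts, written


def build_sample_archive(include_bad: bool) -> bytes:
    """Constructed archive: one benign entry and, optionally, two bad ones."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("pages/home.psml", "<page/>")
        if include_bad:
            zf.writestr("../../webapps/ROOT/shell.jsp", "<% %>")  # escapes dest
            zf.writestr("pages/evil.jsp", "<% %>")                # executable type
    return buf.getvalue()


def run_demo(include_bad: bool) -> tuple:
    """Extract a sample archive into a throwaway directory and report."""
    with tempfile.TemporaryDirectory() as tmp:
        return extract_safely(build_sample_archive(include_bad), Path(tmp))


if __name__ == "__main__":
    print(run_demo(include_bad=True))
    print(run_demo(include_bad=False))
```

Python's own ZipFile.extractall() quietly rewrites ".." components instead
of rejecting them; classifying first means the rejection can be logged and
the upload refused outright, which is the behaviour an import endpoint
should have.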

Affected Products and Versions

IBM Sterling B2B Integrator 5.2.0.1 - 5.2.6.3

Remediation/Fixes

+----------------------------+------------------------------------------------+
|PRODUCT & Version           |Remediation/Fix                                 |
+----------------------------+------------------------------------------------+
|IBM Sterling B2B Integrator |Apply IBM Sterling B2B Integrator version       |
|5.2.0.1 - 5.2.6.3           |6.0.0.0 available on Fix Central                |
+----------------------------+------------------------------------------------+

Workarounds and Mitigations

None

Related Information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Change History

24 August 2018: Original version published

- -------------------------------------------------------------------------------

Security Bulletin: Multiple Security Vulnerabilities in Jetty Affect IBM
Sterling B2B Integrator

Software version: 5.2.0.1 - 5.2.6.3

Operating system(s): AIX, HP-UX, IBM i, Linux, Solaris, Windows

Reference #: 0728823

Modified date: 27 August 2018

Security Bulletin

Summary

There are multiple security vulnerabilities in Jetty that affect IBM Sterling
B2B Integrator.

Vulnerability Details

CVEID:  CVE-2017-7658
DESCRIPTION:  Eclipse Jetty is vulnerable to HTTP request smuggling, caused by
a flaw when handling more than one Content-Length headers. By sending a
specially-crafted request, an attacker could exploit this vulnerability to
poison the web cache, bypass web application firewall protection, and conduct
XSS attacks.
CVSS Base Score: 6.5
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/145522 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID:  CVE-2018-12536
DESCRIPTION:  Eclipse Jetty could allow a remote attacker to obtain sensitive
information. An attacker could send a specially-crafted URL request to the
java.nio.file.InvalidPathException function using an invalid parameter to cause
an error message to be returned containing the full installation path. An
attacker could use this information to launch further attacks against the
affected system.
CVSS Base Score: 5.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/145523 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID:  CVE-2017-7656
DESCRIPTION:  Eclipse Jetty is vulnerable to HTTP request smuggling, caused by
a flaw in the HTTP/1.x Parser. By sending a specially-crafted request, an
attacker could exploit this vulnerability to poison the web cache, bypass web
application firewall protection, and conduct XSS attacks.
CVSS Base Score: 6.5
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/145520 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID:  CVE-2017-7657
DESCRIPTION:  Eclipse Jetty is vulnerable to HTTP request smuggling, caused by
improper handling of Chunked Transfer-Encoding chunk size. By sending a
specially-crafted request, an attacker could exploit this vulnerability to
poison the web cache, bypass web application firewall protection, and conduct
XSS attacks.
CVSS Base Score: 6.5
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/145521 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
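
The three request-smuggling entries above (CVE-2017-7658, CVE-2017-7656 and
CVE-2017-7657) share one root cause: a request whose body length can be read
two ways, so a front-end proxy and Jetty disagree on where one request ends
and the next begins. The Python example below is added here and is not
Jetty's or IBM's code. It shows the strict framing decisions a front-end
parser can make so that such a request is rejected rather than interpreted:
duplicate Content-Length values, Content-Length alongside Transfer-Encoding,
and non-canonical chunk-size lines are all refused. The requests are
constructed test vectors.

```python
"""Strict HTTP/1.x body-framing checks.

Added example, not code from IBM or Eclipse Jetty. It shows the decisions
a hardened front-end parser makes so that two parsers in a chain cannot
read one request as two. The sample requests are constructed test vectors.
"""
import re


class AmbiguousRequest(ValueError):
    """Request framing that different parsers could interpret differently."""


def parse_head(raw: bytes) -> list:
    """Split the head of a raw HTTP/1.x request into (name, value) pairs.

    Header names are lower-cased. Obsolete line folding and whitespace
    between a header name and its colon are rejected; both are classic
    sources of parser disagreement.
    """
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    headers = []
    for line in head.split("\r\n")[1:]:
        if not line:
            continue
        if line[0] in " \t":
            raise AmbiguousRequest("obsolete line folding")
        name, sep, value = line.partition(":")
        if not sep or not name or name != name.strip():
            raise AmbiguousRequest(f"malformed header line: {line!r}")
        headers.append((name.lower(), value.strip()))
    return headers


_KNOWN_CODINGS = {"chunked", "gzip", "deflate", "compress", "identity"}


def framing(headers: list) -> str:
    """Return 'content-length:N', 'chunked' or 'none', or raise.

    Rules, following RFC 7230 section 3.3.3 but erring towards rejection:
    - repeated Content-Length headers (or a comma list) are tolerated only
      when every value is identical, and the value must be plain decimal;
    - Content-Length together with Transfer-Encoding is rejected outright
      (the RFC says Transfer-Encoding wins; rejecting removes the
      disagreement entirely);
    - Transfer-Encoding must consist of known codings ending in 'chunked'.
    """
    lengths, codings = [], []
    for name, value in headers:
        if name == "content-length":
            lengths += [v.strip() for v in value.split(",")]
        elif name == "transfer-encoding":
            codings += [v.strip().lower() for v in value.split(",")]
    if lengths and codings:
        raise AmbiguousRequest("Content-Length and Transfer-Encoding together")
    if lengths:
        if len(set(lengths)) != 1 or not re.fullmatch(r"[0-9]{1,19}", lengths[0]):
            raise AmbiguousRequest(f"conflicting or malformed Content-Length {lengths}")
        return f"content-length:{int(lengths[0])}"
    if codings:
        if codings[-1] != "chunked" or not set(codings) <= _KNOWN_CODINGS:
            raise AmbiguousRequest(f"unacceptable Transfer-Encoding {codings}")
        return "chunked"
    return "none"


def parse_chunk_size(line: bytes) -> int:
    """Parse one chunk-size line strictly.

    Only 1-8 hex digits, optionally followed by a ';' chunk extension.
    No sign, no leading whitespace, no '0x' prefix, no overflow: the same
    bytes must mean the same size to every parser in the chain.
    """
    m = re.fullmatch(rb"([0-9A-Fa-f]{1,8})(?:;[^\r\n]*)?", line.rstrip(b"\r\n"))
    if not m:
        raise AmbiguousRequest(f"bad chunk-size line {line!r}")
    return int(m.group(1), 16)


def classify_request(raw: bytes) -> str:
    """Framing decision for a raw request, or 'rejected'."""
    try:
        return framing(parse_head(raw))
    except AmbiguousRequest:
        return "rejected"


def is_valid_chunk_size_line(line: bytes) -> bool:
    try:
        parse_chunk_size(line)
        return True
    except AmbiguousRequest:
        return False


# Constructed test vectors.
REQ_PLAIN = (b"POST /api HTTP/1.1\r\nHost: example\r\n"
             b"Content-Length: 5\r\n\r\nhello")
REQ_DUP_CL = (b"POST /api HTTP/1.1\r\nHost: example\r\n"
              b"Content-Length: 5\r\nContent-Length: 50\r\n\r\nhello")
REQ_CL_TE = (b"POST /api HTTP/1.1\r\nHost: example\r\n"
             b"Content-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n")
REQ_CHUNKED = (b"POST /api HTTP/1.1\r\nHost: example\r\n"
               b"Transfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n")
```

The same rules belong on every hop (load balancer, WAF, Jetty) so that no
parser in the chain accepts what the others reject; counting AmbiguousRequest
rejections per source also gives a usable detection signal for smuggling
attempts against a front end.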

CVEID:  CVE-2018-12538
DESCRIPTION:  Eclipse Jetty could allow a remote attacker to hijack a user's
session, caused by a flaw in the FileSessionDataStore. An attacker could
exploit this vulnerability to gain access to another user's session.
CVSS Base Score: 5.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/145321 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

IBM Sterling B2B Integrator 5.2.0.1 - 5.2.6.3

Remediation/Fixes

+----------------------------+------------------------------------------------+
|PRODUCT & Version           |Remediation/Fix                                 |
+----------------------------+------------------------------------------------+
|IBM Sterling B2B Integrator |Apply IBM Sterling B2B Integrator version       |
|5.2.0.1 - 5.2.6.3           |6.0.0.0 available on Fix Central                |
+----------------------------+------------------------------------------------+

Workarounds and Mitigations

None

Related Information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Change History

24 August 2018: Original version published

- -------------------------------------------------------------------------------

Security Bulletin: Security Vulnerability in TIBCO Jasper Reports Affects IBM
Sterling B2B Integrator (CVE-2018-5429)

Software version: 5.2.0.1 - 5.2.6.3

Operating system(s): AIX, HP-UX, IBM i, Linux, Solaris, Windows

Reference #: 0728825

Modified date: 27 August 2018

Security Bulletin

Summary

Security vulnerability in TIBCO Jasper Reports affects IBM Sterling B2B
Integrator.

Vulnerability Details

CVEID:  CVE-2018-5429
DESCRIPTION:  Multiple TIBCO JasperReports products could allow a remote
authenticated attacker to execute arbitrary code on the system, caused by a
flaw in the report scripting component. By sending a specially-crafted request,
an attacker could exploit this vulnerability to execute arbitrary code with the
privileges of the operating system process.
CVSS Base Score: 8.8
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/142094 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

IBM Sterling B2B Integrator 5.2.0.1 - 5.2.6.3

Remediation/Fixes

+----------------------------+------------------------------------------------+
|PRODUCT & Version           |Remediation/Fix                                 |
+----------------------------+------------------------------------------------+
|IBM Sterling B2B Integrator |Apply IBM Sterling B2B Integrator version       |
|5.2.0.1 - 5.2.6.3           |6.0.0.0 available on Fix Central                |
+----------------------------+------------------------------------------------+

Workarounds and Mitigations

None

Related Information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Change History

24 August 2018: Original version published

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----
