CVE-2019-4728

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and 6.1.0.0 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code with SYSTEM privileges. IBM X-Force ID: 172452.

Published: Jan 5, 2021
Updated: Apr 13, 2023
CVE: CVE-2019-4728
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 9
AV:N/AC:L/Au:S/C:C/I:C/A:C

CWEs:

CWE-502

OWASP TOP 10:

A8 - Insecure Deserialization

Affected Software
References

Software	From	Fixed in
ibm / sterling_b2b_integrator	5.2.0.0	5.2.6.5_2.x
ibm / sterling_b2b_integrator	6.0.0.0	6.0.3.2.x
ibm / sterling_b2b_integrator	6.1.0.0	6.1.0.0.x

https://exchange.xforce.ibmcloud.com/vulnerabilities/172452
https://www.ibm.com/support/pages/node/6396172

Vulnerability Database

289,784

CVE-2019-4728