B2BI vulnerable to security bypass due to Spring Security

Vulnerability Details

CVEID: CVE-2022-31692
Description: VMware Tanzu Spring Security could allow a remote attacker to bypass security restrictions, caused by a flaw when using forward or include dispatcher types. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass authorization rules.
CVSS Base score: 7.5
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

CVEID: CVE-2022-22978
Description: Spring Security could allow a remote attacker to bypass security restrictions, caused by a flaw in the RegexRequestMatcher component. By misconfiguring RegexRequestMatcher with `.` in the regular expression, an attacker could exploit this vulnerability to bypass authorization and obtain access.
CVSS Base score: 8.2
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N)
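An added illustration of the RegexRequestMatcher issue described above; it is not part of this bulletin or of Spring Security. Like java.util.regex, Python's `.` does not match a line terminator unless the pattern is compiled with DOTALL, so a role-restricted pattern written with `.` can fail to cover a path that contains one; the audit function flags such patterns and the matcher shows the DOTALL-compiled form covering the same path. The rule list, role names and sample paths are constructed.

```python
import re

# Constructed authorization rules in the style of Spring Security's
# RegexRequestMatcher: (regex, required role or None for a public path).
RULES = [
    (r"^/admin/.*$", "ADMIN"),
    (r"^/api/v1/[a-z]+/[0-9]+$", "USER"),
    (r"^/public/.*$", None),
]

# Matches a `.` metacharacter that is not preceded by a backslash;
# a literal `\.` is not flagged.
UNESCAPED_DOT = re.compile(r"(?<!\\)\.")


def path_matches(pattern: str, path: str, dotall: bool) -> bool:
    """Model of the matcher.  With dotall=False (the pre-fix behaviour) `.`
    stops at a line terminator, exactly as java.util.regex does by default."""
    flags = re.DOTALL if dotall else 0
    return re.fullmatch(pattern, path, flags) is not None


def requires_role(path: str, dotall: bool):
    """Return the role demanded by the first matching rule, or None when no
    role-restricted rule covers the path."""
    for pattern, role in RULES:
        if path_matches(pattern, path, dotall):
            return role
    return None


def audit_rules(rules):
    """Flag role-restricted rules whose regex contains an unescaped `.`:
    compiled without DOTALL, such a rule does not cover every path it
    appears to cover, which is the misconfiguration CVE-2022-22978 names."""
    return [p for p, role in rules if role is not None and UNESCAPED_DOT.search(p)]


if __name__ == "__main__":
    print("risky patterns:", audit_rules(RULES))
    path = "/admin/us\ners"  # constructed path containing a line terminator
    print("without DOTALL:", requires_role(path, dotall=False))  # None
    print("with DOTALL:   ", requires_role(path, dotall=True))   # ADMIN
```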

Affected Products and Versions

Remediation/Fixes

The IIM versions 6.0.3.8 and 6.1.2.2 are available on Fix Central.

The container version 6.1.2.2 is available in the IBM Entitled Registry with the following tags:

  • icr.io/cp/ibm-b2bi/b2bi:6.1.2.2 for IBM Sterling B2B Integrator
  • icr.io/cp/ibm-sfg/sfg:6.1.2.2 for IBM Sterling File Gateway

Workarounds and Mitigations

None.
