NEWS T1 24 IBM Sterling B2B Integrator is affected by sensitive information exposure due to Apache James MIME4J

Integration News

IBM Sterling B2B Integrator is affected by sensitive information exposure due to Apache James MIME4J

IBM Sterling B2B Integrator uses Apache James MIME4J.

Vulnerability Details

CVEID: CVE-2022-45787

Description: Apache James MIME4J could allow a local authenticated attacker to obtain sensitive information, caused by improper laxist permissions on the temporary files. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.5
CVSS Temporal Score: Click here.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Remediation/Fixes

The IIM versions of 6.0.3.9, 6.1.0.8, 6.1.1.4, and 6.1.2.3 are available on  Fix Central. The IIM version of 6.2.0.0 is available on Passport Advantage.

The container version of 6.1.1.4, 6.1.2.3 and 6.2.0.0 are available in IBM Entitled Registry.

Workarounds and Mitigations

None.

Haga clic en el siguiente botón para descargar este boletín en formato Pdf.

Descargar
B2B Solutions ES
Powered by  GDPR Cookie Compliance
Resumen de privacidad

Esta web utiliza cookies para que podamos ofrecerte la mejor experiencia de usuario posible. La información de las cookies se almacena en tu navegador y realiza funciones tales como reconocerte cuando vuelves a nuestra web o ayudar a nuestro equipo a comprender qué secciones de la web encuentras más interesantes y útiles.