CVE-2019-4728
Severity CVSS v4.0:
Pending analysis
Type:
CWE-502
Deserialization of Untrusted Dat
Publication date:
05/01/2021
Last modified:
07/01/2021
Description
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and 6.1.0.0 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code with SYSTEM privileges. IBM X-Force ID: 172452.
Impact
Base Score 3.x
8.80
Severity 3.x
HIGH
Base Score 2.0
9.00
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:ibm:sterling_b2b_integrator:*:*:*:*:standard:*:*:* | 5.2.0.0 (including) | 5.2.6.5_2 (including) |
| cpe:2.3:a:ibm:sterling_b2b_integrator:*:*:*:*:standard:*:*:* | 6.0.0.0 (including) | 6.0.3.2 (including) |
| cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.0.0:*:*:*:standard:*:*:* | ||
| cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:* |
To consult the complete list of CPE names with products and versions, see this page