Main Vulnerability Database SB2022090117

SB2022090117 - Improper input validation in IBM Sterling B2B Integrator

Published: September 1, 2022

Security Bulletin ID SB2022090117

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper input validation (CVE-ID: CVE-2015-0254)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The vulnerability exists due to improper input validation within the Information Manager Console (Apache Standard Taglibs) component in Oracle Knowledge. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.

Remediation

Install update from vendor's website.

References

https://www.ibm.com/blogs/psirt/security-bulletin-apache-standard-taglibs-vulnerability-affects-ibm-sterling-b2b-integrator-cve-2015-0254-2/"
https://www.ibm.com/blogs/psirt/security-bulletin-apache-standard-taglibs-vulnerability-affects-ibm-sterling-b2b-integrator-cve-2015-0254-2/</a> <a
https://www.ibm.com/support/pages/node/6495935"
https://www.ibm.com/support/pages/node/6495935</a>