CVE-2015-0194

MEDIUM

IBM Sterling B2b Integrator - XXE

Title source: rule

Description

XML External Entity (XXE) vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and IBM Sterling File Gateway 2.1 and 2.2 allows remote attackers to read arbitrary files via a crafted XML data.

References (3)

[Vendor Advisory] http://www-01.ibm.com/support/docview.wss?uid=swg1IT06733

[Patch, Vendor Advisory] http://www-01.ibm.com/support/docview.wss?uid=swg21699482

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/73401

Scores

CVSS v3 6.5

EPSS 0.0019

EPSS Percentile 41.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-611

Status published

Products (5)

ibm/sterling_b2b_integrator

ibm/sterling_file_gateway

n/a/n/a

Published Aug 02, 2017

Tracked Since Feb 18, 2026