CVE-2019-4728

HIGH

IBM Sterling B2B Integrator <6.1.0.0 - Code Injection

Title source: llm

Description

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and 6.1.0.0 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code with SYSTEM privileges. IBM X-Force ID: 172452.

References (2)

[VDB Entry, Vendor Advisory] https://exchange.xforce.ibmcloud.com/vulnerabilities/172452

[Vendor Advisory] https://www.ibm.com/support/pages/node/6396172

Scores

CVSS v3 8.8

EPSS 0.1634

EPSS Percentile 94.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-502

Status published

Affected Products (2)

ibm/sterling_b2b_integrator < 5.2.6.5_2

ibm/sterling_b2b_integrator

Timeline

Published Jan 05, 2021

Tracked Since Feb 18, 2026