NEWS T1—2024 IBM Sterling B2B Integrator is affected by sensitive information exposure due to Apache James MIME4J

Integration News

IBM Sterling B2B Integrator uses Apache James MIME4J.

Vulnerability Details

CVEID: CVE-2022-45787

Description: Apache James MIME4J could allow a local authenticated attacker to obtain sensitive information, caused by overly lax permissions on temporary files. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information and use it to launch further attacks against the affected system.
CVSS Base score: 5.5
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
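
As a host-side check for the condition described above (temporary files that other local users can read), the following added example, which is not code from IBM or the Apache James project, walks a directory and reports regular files whose mode grants group or other access. The directory and file names used in `demo()` are constructed for illustration.

```python
import os
import shutil
import stat
import tempfile

# Mode bits that give anyone other than the owner read or write access.
LAX_BITS = stat.S_IRGRP | stat.S_IWGRP | stat.S_IROTH | stat.S_IWOTH


def find_lax_temp_files(root):
    """Return sorted paths of regular files under root that group/other can read or write."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks
            except OSError:
                continue  # temp files are short-lived and may vanish mid-scan
            if stat.S_ISREG(st.st_mode) and st.st_mode & LAX_BITS:
                hits.append(path)
    return sorted(hits)


def demo():
    """Audit a constructed directory holding one lax and one owner-only file."""
    root = tempfile.mkdtemp(prefix="tmp-audit-demo-")  # constructed sample tree
    try:
        lax = os.path.join(root, "body-lax.tmp")  # hypothetical file name
        with open(lax, "wb") as fh:
            fh.write(b"constructed sample content")
        os.chmod(lax, 0o644)  # world-readable: the weak setting
        fd, safe = tempfile.mkstemp(dir=root, suffix=".tmp")  # created 0600
        os.close(fd)
        return find_lax_temp_files(root), lax, safe
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    found, lax, safe = demo()
    print("lax:", found)
```

Point `find_lax_temp_files` at the temporary directory the application actually uses; it checks file mode bits only and does not account for restrictive parent directories or ACLs.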

Affected Products and Versions

Remediation/Fixes

The IIM versions 6.0.3.9, 6.1.0.8, 6.1.1.4, and 6.1.2.3 are available on Fix Central. The IIM version 6.2.0.0 is available on Passport Advantage.

The container versions 6.1.1.4, 6.1.2.3, and 6.2.0.0 are available in the IBM Entitled Registry.

Workarounds and Mitigations

None.
