NEWS 2024 T1 IBM Sterling B2B Integrator is affected by vulnerability in JDOM

Integration News

IBM Sterling B2B Integrator is affected by vulnerability in JDOM

IBM Sterling B2B Integrator uses JDOM.

Vulnerability Details

CVEID: CVE-2021-33813

Description: JDOM is vulnerable to a denial of service, caused by an XXE issue in SAXBuilder. By sending a specially-crafted HTTP request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.3
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
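
For code you maintain that calls JDOM directly, the following added example (not part of IBM's bulletin, and not a workaround for Sterling B2B Integrator itself) shows a SAXBuilder configured to reject any document that carries a DTD, which is where XML entities are declared. The class name, method names and sample documents are constructed for illustration, and JDOM 2.x (`org.jdom2`) on the classpath is assumed.

```java
import java.io.IOException;
import java.io.StringReader;
import org.jdom2.JDOMException;
import org.jdom2.input.SAXBuilder;

public class HardenedSaxBuilderExample {

    /** Builds a SAXBuilder that refuses DTDs, so no entity is ever declared or expanded. */
    static SAXBuilder hardenedBuilder() {
        SAXBuilder builder = new SAXBuilder();
        // Any <!DOCTYPE ...> becomes a fatal parse error (Xerces / JDK parser feature).
        builder.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defense in depth, should DOCTYPE ever have to be allowed again:
        // never resolve external general or parameter entities.
        builder.setFeature("http://xml.org/sax/features/external-general-entities", false);
        builder.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        // Ask JDOM not to expand entity references into the document tree.
        builder.setExpandEntities(false);
        return builder;
    }

    /** Returns true if the document parses, false if the parser rejects it. */
    static boolean accepts(SAXBuilder builder, String xml) throws IOException {
        try {
            builder.build(new StringReader(xml));
            return true;
        } catch (JDOMException e) {
            // Features are applied at parse time; a DOCTYPE rejection surfaces here.
            return false;
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample inputs: one plain document, one declaring an internal entity.
        String plain = "<order id=\"1\"><item>widget</item></order>";
        String withDtd = "<!DOCTYPE order [<!ENTITY e \"x\">]><order>&e;</order>";

        SAXBuilder builder = hardenedBuilder();
        System.out.println("plain document accepted:   " + accepts(builder, plain));
        System.out.println("DOCTYPE document accepted: " + accepts(builder, withDtd));
    }
}
```

Rejecting DOCTYPE outright also rejects legitimate documents that rely on a DTD, so confirm that trading partners do not send such documents before enabling it on an inbound XML path.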

Affected Products and Versions

Remediation/Fixes

The IIM versions of 6.0.3.9, 6.1.0.8, 6.1.1.4, and 6.1.2.3 are available on Fix Central. The IIM version of 6.2.0.0 is available on Passport Advantage.

The container versions of 6.1.0.8, 6.1.1.4, 6.1.2.3 and 6.2.0.0 are available in IBM Entitled Registry.

Workarounds and Mitigations

None.
