IBM Support

IC84082: Improper validation of user supplied input on select IBM Sterling B2B Integrator screens (CVE-2012-5766)


APAR status

  • Closed as program error.

Error description

  • Error Description:
    Sterling B2B Integrator 5.2.2, 2-node cluster, Windows 2008
    Server R2, Oracle11g R2.
    
    It is possible to craft input data on the RNVisibility page
    that affects the structure of an SQL query. An SQL query error
    is also raised in the ui log.
    
    Due to the sensitivity and security of this product issue, most
    details are not published in this document (e.g. reproduction
    details).
    

Local fix

  • Local Fix
    STRRTC - 328934
    JG / JG
    Circumvention: None
    No workaround available
    

Problem summary

  • Users Affected:
    
    All
    
    Problem Description:
    Improper validation of user supplied input on some IBM Sterling
    B2B Integrator screens could lead to various attacks including
    SQL injection attacks (CVE-2012-5766).
    
    Platforms Affected:
    All
    

Problem conclusion

  • Resolution Summary:
    
    We will encode/sanitize the input
    
    Delivered In:
    5104
    5040201_3
    5020402
    

Temporary fix

  • None Known
    

Comments

APAR Information

  • APAR number

    IC84082

  • Reported component name

    STR B2B INTEGRA

  • Reported component ID

    5725D0600

  • Reported release

    522

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2012-06-11

  • Closed date

    2013-03-14

  • Last modified date

    2013-12-06

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    STR B2B INTEGRA

  • Fixed component ID

    5725D0600

Applicable component levels

  • R510 PSY

       UP


Document Information

Modified date:
06 December 2013