IBM Support

IT06733: A vulnerability in XML External Entity (XXE) processing could allow a remote attacker to obtain sensitive information.

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • IBM Sterling File Gateway could allow a remote attacker to
    obtain sensitive information, caused by an XML External Entity
    Injection (XXE) error when processing XML data. An attacker
    could declare an entity referencing the content of a local file
    to obtain sensitive information.
    

Local fix

Problem summary

  • Users Affected:
    All Sterling B2B Integrator and Sterling File Gateway users.
    
    Problem Description:
    IBM Sterling File Gateway could allow a remote attacker to
    obtain sensitive information, caused by an XML External Entity
    Injection (XXE) error when processing XML data. An attacker
    could declare an entity referencing the content of a local file
    to obtain sensitive information.
    
    Platforms Affected:
    All
    

Problem conclusion

Temporary fix

Comments

APAR Information

  • APAR number

    IT06733

  • Reported component name

    STR FILE GATEWA

  • Reported component ID

    5725D0700

  • Reported release

    224

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2015-01-26

  • Closed date

    2015-03-23

  • Last modified date

    2015-05-01

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    STR FILE GATEWA

  • Fixed component ID

    5725D0700

Applicable component levels

  • R225 PSY

       UP



Document information

More support for: Sterling File Gateway

Software version: 2.2

Reference #: IT06733

Modified date: 01 May 2015