CVE-2012-5937
critical
CVSS v3
—
CVSS v2
9.3
VIR risk
9.3
Description
Unspecified vulnerability in the CLA2 server in IBM Gentran Integration Suite 4.3, Sterling Integrator 5.0 and 5.1, and Sterling B2B Integrator 5.2, as used in IBM Sterling File Gateway 1.1 through 2.2 and other products, allows remote attackers to execute arbitrary commands via unknown vectors.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@us.ibm.com — http://www.ibm.com/support/docview.wss?uid=swg21633925
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg1IC85189
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| ibm | gentran_integration_suite | 4.3 | |
| ibm | sterling_b2b_integrator | 5.2 | |
| ibm | sterling_file_gateway | 1.1 | |
| ibm | sterling_file_gateway | 2.0 | |
| ibm | sterling_file_gateway | 2.1 | |
| ibm | sterling_file_gateway | 2.2 | |
| ibm | sterling_integrator | 5.0 | |
| ibm | sterling_integrator | 5.1 | |
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC85189
- http://www.ibm.com/support/docview.wss?uid=swg21633925
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80403
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC85189
- http://www.ibm.com/support/docview.wss?uid=swg21633925
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80403
Verify integrity in audit chain (admin only). AS-IS.