CVE-2015-0194

medium

Published 2017-08-02 · Modified 2026-05-13

CVSS v3

6.5

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v2

4.0

VIR risk

6.5

Description

XML External Entity (XXE) vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and IBM Sterling File Gateway 2.1 and 2.2 allows remote attackers to read arbitrary files via a crafted XML data.

Predictions

Exploit likelihood

75%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21699482

vendor Authored 2026-05-27

Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg1IT06733

Application impact

Vendor	Product	Versions
ibm	sterling_b2b_integrator	`5.1`
ibm	sterling_b2b_integrator	`5.2`
ibm	sterling_file_gateway	`2.1`
ibm	sterling_file_gateway	`2.2`

References

http://www-01.ibm.com/support/docview.wss?uid=swg1IT06733
http://www-01.ibm.com/support/docview.wss?uid=swg21699482
http://www.securityfocus.com/bid/73401
http://www-01.ibm.com/support/docview.wss?uid=swg1IT06733
http://www-01.ibm.com/support/docview.wss?uid=swg21699482
http://www.securityfocus.com/bid/73401

CWEs

CWE-611

Verify integrity in audit chain (admin only). AS-IS.