CVE-2019-4728
First published: Mon Jan 04 2021(Updated: )
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and 6.1.0.0 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code with SYSTEM privileges. IBM X-Force ID: 172452.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM B2B Sterling Integrator | <=5.2.0.0 - 5.2.6.5_2 | |
| IBM B2B Sterling Integrator | <=6.0.0.0 - 6.0.3.2 | |
| IBM B2B Sterling Integrator | <=6.1.0.0 | |
| IBM B2B Sterling Integrator | >=5.2.0.0<=5.2.6.5_2 | |
| IBM B2B Sterling Integrator | >=6.0.0.0<=6.0.3.2 | |
| IBM B2B Sterling Integrator | =6.1.0.0 | |
| HPE HP-UX | ||
| IBM AIX | ||
| IBM i | ||
| Linux Kernel | ||
| Microsoft Windows | ||
| Oracle Solaris SPARC |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-4728?
CVE-2019-4728 has a critical severity rating due to the potential for remote code execution.
How do I fix CVE-2019-4728?
To fix CVE-2019-4728, upgrade the IBM Sterling B2B Integrator to the latest patched version as provided by IBM.
Which versions of IBM Sterling B2B Integrator are affected by CVE-2019-4728?
CVE-2019-4728 affects IBM Sterling B2B Integrator versions 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and 6.1.0.0.
Can CVE-2019-4728 be exploited remotely?
Yes, CVE-2019-4728 can be exploited remotely by an attacker sending specially crafted requests.
What type of vulnerability is CVE-2019-4728 classified as?
CVE-2019-4728 is classified as a deserialization vulnerability that allows arbitrary code execution.
- agent/references
- agent/type
- agent/first-publish-date
- agent/weakness
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/ibm
- canonical/ibm b2b sterling integrator
- version/ibm b2b sterling integrator/5.2.0.0 - 5.2.6.5_2
- version/ibm b2b sterling integrator/6.0.0.0 - 6.0.3.2
- version/ibm b2b sterling integrator/6.1.0.0
- version/ibm b2b sterling integrator/5.2.0.0
- version/ibm b2b sterling integrator/5.2.6.5_2
- version/ibm b2b sterling integrator/6.0.0.0
- version/ibm b2b sterling integrator/6.0.3.2
- vendor/hp
- canonical/hpe hp-ux
- canonical/ibm aix
- canonical/ibm i
- vendor/linux
- canonical/linux kernel
- vendor/microsoft
- canonical/microsoft windows
- vendor/oracle
- canonical/oracle solaris sparc