CVE-2015-0194

Published: Aug 2, 2017Modified: May 13, 2026

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

XML External Entity (XXE) vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and IBM Sterling File Gateway 2.1 and 2.2 allows remote attackers to read arbitrary files via a crafted XML data.

Affected (4)

Products: Ibm: Sterling B2b Integrator, Sterling File Gateway

Ibm

2 products

Sterling B2b Integrator

Sterling File Gateway

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Ibm Sterling B2b Integrator	Version 5.1
Ibm Sterling B2b Integrator	Version 5.2
Ibm Sterling File Gateway	Version 2.1
Ibm Sterling File Gateway	Version 2.2

Related CWEs

CWE-611

Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References (6)

http://www-01.ibm.com/support/docview.wss?uid=swg1IT06733

Source: psirt@us.ibm.com

Vendor Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21699482

Source: psirt@us.ibm.com

PatchVendor Advisory

http://www.securityfocus.com/bid/73401

Source: psirt@us.ibm.com

Third Party AdvisoryVDB Entry

http://www-01.ibm.com/support/docview.wss?uid=swg1IT06733

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21699482

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.securityfocus.com/bid/73401

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.