APAR status
Closed as program error.
Error description
Environment: Sterling B2B Integrator 5.2.2, 2-node cluster, Windows 2008 Server R2, Oracle 11g R2.
It is possible to craft input data on the RNVisibility page that affects the structure of an SQL query. An SQL query error is also raised in the UI log.
Because of the security sensitivity of this product issue, most details (e.g. reproduction details) are not published in this document.
Local fix
STRRTC - 328934 JG / JG
Circumvention: None. No workaround available.
Problem summary
Users Affected: All
Problem Description: Improper validation of user-supplied input on some IBM Sterling B2B Integrator screens could lead to various attacks, including SQL injection attacks (CVE-2012-5766).
Platforms Affected: All
Problem conclusion
Resolution Summary: We will encode/sanitize the input.
Delivered In: 5104 5040201_3 5020402
Temporary fix
None Known
Comments
APAR Information
APAR number
IC84082
Reported component name
STR B2B INTEGRA
Reported component ID
5725D0600
Reported release
522
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2012-06-11
Closed date
2013-03-14
Last modified date
2013-12-06
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
STR B2B INTEGRA
Fixed component ID
5725D0600
Applicable component levels
R510 PSY
UP
Document Information
Modified date:
06 December 2013