IBM Support

IT35721: SBI USES THE AFFECTED FUNCTIONALITY WITHIN XSTREAM LIBRARIES FOR CVE-2020-26217

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • To identify if CVE-2020-26217 is a potential
    security risk within the current supported versions of Sterling
    B2B Integrator.
    

Local fix

  • B2BISFG-55233
    

Problem summary

  • Users Affected:
     All customers using B2B integrator and filegateway
    
    Problem Description:
    
    SBI uses the affected functionality within Xstream libraries
    for CVE-2020-26217.
    
    Platforms Affected:
    All Platforms
    

Problem conclusion

  • Resolution Summary:
    A code fix is provided.
    The issue has been fixed. The Xstream jar have been upgraded
    
    
    Delivered in:
     6000304
    6010002
    5020605_4
    

Temporary fix

Comments

APAR Information

  • APAR number

    IT35721

  • Reported component name

    STR B2B INTEGRA

  • Reported component ID

    5725D0600

  • Reported release

    603

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2021-01-28

  • Closed date

    2021-02-22

  • Last modified date

    2021-05-17

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    STR B2B INTEGRA

  • Fixed component ID

    5725D0600

Applicable component levels

[{"Line of Business":{"code":"LOB02","label":"AI Applications"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS3JSW","label":"IBM Sterling B2B Integrator"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"603"}]

Document Information

Modified date:
18 May 2021