Sign-up

ID

VAR-201304-0010


CVE

CVE-2012-5937


TITLE

plural IBM Vulnerability to execute arbitrary commands in the product

Trust: 0.8

sources: JVNDB: JVNDB-2013-002234

DESCRIPTION

Unspecified vulnerability in the CLA2 server in IBM Gentran Integration Suite 4.3, Sterling Integrator 5.0 and 5.1, and Sterling B2B Integrator 5.2, as used in IBM Sterling File Gateway 1.1 through 2.2 and other products, allows remote attackers to execute arbitrary commands via unknown vectors. An attacker can exploit this issue to execute arbitrary shell commands (Unix or Windows command or scripts) within the context of the application. The software supports secure integration of complex B2B processes with diverse partner communities. The vulnerability stems from an unspecified bug in the CLA2 server

Trust: 1.98

sources: NVD: CVE-2012-5937 // JVNDB: JVNDB-2013-002234 // BID: 59025 // VULHUB: VHN-59218

AFFECTED PRODUCTS

vendor:ibmmodel:sterling integratorscope:eqversion:5.1

Trust: 2.7

vendor:ibmmodel:sterling integratorscope:eqversion:5.0

Trust: 2.7

vendor:ibmmodel:sterling b2b integratorscope:eqversion:5.2

Trust: 2.7

vendor:ibmmodel:gentran integration suitescope:eqversion:4.3

Trust: 2.7

vendor:ibmmodel:sterling file gatewayscope:eqversion:2.2

Trust: 1.9

vendor:ibmmodel:sterling file gatewayscope:eqversion:2.1

Trust: 1.9

vendor:ibmmodel:sterling file gatewayscope:eqversion:2.0

Trust: 1.9

vendor:ibmmodel:sterling file gatewayscope:eqversion:1.1

Trust: 1.9

vendor:ibmmodel:sterling file gatewayscope:eqversion:1.1 to 2.2

Trust: 0.8

vendor:ibmmodel:sterling b2b integratorscope:eqversion:5.2.41

Trust: 0.3

sources: BID: 59025 // JVNDB: JVNDB-2013-002234 // CNNVD: CNNVD-201304-194 // NVD: CVE-2012-5937

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-5937
value: HIGH

Trust: 1.0

NVD: CVE-2012-5937
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201304-194
value: CRITICAL

Trust: 0.6

VULHUB: VHN-59218
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2012-5937
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-59218
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-59218 // JVNDB: JVNDB-2013-002234 // CNNVD: CNNVD-201304-194 // NVD: CVE-2012-5937

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2012-5937

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201304-194

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 59025

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-002234

PATCH
title:1633925url:http://www-01.ibm.com/support/docview.wss?uid=swg21633925
Trust: 0.8
title:IC85189url:http://www-01.ibm.com/support/docview.wss?uid=swg1IC85189
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-002234

EXTERNAL IDS
db:NVDid:CVE-2012-5937
Trust: 2.8
db:JVNDBid:JVNDB-2013-002234
Trust: 0.8
db:CNNVDid:CNNVD-201304-194
Trust: 0.7
db:XFid:2
Trust: 0.6
db:XFid:80403
Trust: 0.6
db:AIXAPARid:IC85189
Trust: 0.6
db:SECUNIAid:53007
Trust: 0.6
db:BIDid:59025
Trust: 0.4
db:VULHUBid:VHN-59218
Trust: 0.1
sources:
            
            
            VULHUB: VHN-59218 // 
            
            
            
            BID: 59025 // 
            
            
            
            JVNDB: JVNDB-2013-002234 // 
            
            
            
            CNNVD: CNNVD-201304-194 // 
            
            
            
            NVD: CVE-2012-5937

REFERENCES
url:http://www.ibm.com/support/docview.wss?uid=swg21633925
Trust: 2.0
url:http://www-01.ibm.com/support/docview.wss?uid=swg1ic85189
Trust: 1.7
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/80403
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-5937
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-5937
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/80403
Trust: 0.6
url:http://secunia.com/advisories/53007
Trust: 0.6
url:http://www.ibm.com/support/docview.wss?uid=swg24034725
Trust: 0.3
url:http://www.ibm.com
Trust: 0.3
url:http://www-01.ibm.com/software/commerce/b2b/products/b2b-integrator/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-59218 // 
            
            
            
            BID: 59025 // 
            
            
            
            JVNDB: JVNDB-2013-002234 // 
            
            
            
            CNNVD: CNNVD-201304-194 // 
            
            
            
            NVD: CVE-2012-5937

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 59025

SOURCES
db:VULHUBid:VHN-59218
db:BIDid:59025
db:JVNDBid:JVNDB-2013-002234
db:CNNVDid:CNNVD-201304-194
db:NVDid:CVE-2012-5937

LAST UPDATE DATE
2024-11-23T21:22:26.891000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-59218date:2017-08-29T00:00:00
db:BIDid:59025date:2013-04-10T00:00:00
db:JVNDBid:JVNDB-2013-002234date:2013-04-16T00:00:00
db:CNNVDid:CNNVD-201304-194date:2013-04-12T00:00:00
db:NVDid:CVE-2012-5937date:2024-11-21T01:45:33.297

SOURCES RELEASE DATE
db:VULHUBid:VHN-59218date:2013-04-12T00:00:00
db:BIDid:59025date:2013-04-10T00:00:00
db:JVNDBid:JVNDB-2013-002234date:2013-04-16T00:00:00
db:CNNVDid:CNNVD-201304-194date:2013-04-12T00:00:00
db:NVDid:CVE-2012-5937date:2013-04-12T19:55:01.857