Details of VAR-201307-0014

ID

VAR-201307-0014

CVE

CVE-2012-5766

TITLE

IBM Sterling B2B Integrator and Sterling File Gateway In SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2012-006019

DESCRIPTION

Multiple SQL injection vulnerabilities in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to execute arbitrary SQL commands via vectors involving the RNVisibility page and unspecified screens, a different vulnerability than CVE-2013-0560. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. IBM Sterling File Gateway is a set of file transfer software that integrates different file transfer methods and can realize secure interaction through the network

Trust: 1.98

sources: NVD: CVE-2012-5766 // JVNDB: JVNDB-2012-006019 // BID: 58501 // VULHUB: VHN-59047

AFFECTED PRODUCTS

vendor:	ibm	model:	sterling b2b integrator	scope:	eq	version:	5.1	Trust: 2.7
vendor:	ibm	model:	sterling b2b integrator	scope:	eq	version:	5.2	Trust: 2.4
vendor:	ibm	model:	sterling file gateway	scope:	eq	version:	2.1	Trust: 2.4
vendor:	ibm	model:	sterling file gateway	scope:	eq	version:	2.2	Trust: 2.4

sources: BID: 58501 // JVNDB: JVNDB-2012-006019 // CNNVD: CNNVD-201303-371 // NVD: CVE-2012-5766

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-5766
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2012-5766
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201303-371
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-59047
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2012-5766
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-59047
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-59047 // JVNDB: JVNDB-2012-006019 // CNNVD: CNNVD-201303-371 // NVD: CVE-2012-5766

PROBLEMTYPE DATA

problemtype:

CWE-89

Trust: 1.9

sources: VULHUB: VHN-59047 // JVNDB: JVNDB-2012-006019 // NVD: CVE-2012-5766

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201303-371

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201303-371

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-006019

PATCH

title:	IC84082	url:	http://www-01.ibm.com/support/docview.wss?uid=swg1IC84082	Trust: 0.8
title:	1627982	url:	http://www-01.ibm.com/support/docview.wss?uid=swg21627982	Trust: 0.8
title:	1640830	url:	http://www-01.ibm.com/support/docview.wss?uid=swg21640830	Trust: 0.8

sources: JVNDB: JVNDB-2012-006019

EXTERNAL IDS

db:	NVD	id:	CVE-2012-5766	Trust: 2.8
db:	BID	id:	58501	Trust: 1.0
db:	JVNDB	id:	JVNDB-2012-006019	Trust: 0.8
db:	CNNVD	id:	CNNVD-201303-371	Trust: 0.7
db:	XF	id:	2	Trust: 0.6
db:	XF	id:	80267	Trust: 0.6
db:	AIXAPAR	id:	IC84082	Trust: 0.6
db:	VULHUB	id:	VHN-59047	Trust: 0.1

sources: VULHUB: VHN-59047 // BID: 58501 // JVNDB: JVNDB-2012-006019 // CNNVD: CNNVD-201303-371 // NVD: CVE-2012-5766

REFERENCES

url:	http://www-01.ibm.com/support/docview.wss?uid=swg1ic84082	Trust: 1.7
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21627982	Trust: 1.7
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21640830	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/80267	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-5766	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-5766	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/80267	Trust: 0.6
url:	http://www.securityfocus.com/bid/58501	Trust: 0.6
url:	http://www-01.ibm.com/software/commerce/b2b/products/b2b-integrator/	Trust: 0.3
url:	https://www-304.ibm.com/support/docview.wss?uid=swg21627982	Trust: 0.3

sources: VULHUB: VHN-59047 // BID: 58501 // JVNDB: JVNDB-2012-006019 // CNNVD: CNNVD-201303-371 // NVD: CVE-2012-5766

CREDITS

IBM

Trust: 0.9

sources: BID: 58501 // CNNVD: CNNVD-201303-371

SOURCES

db:	VULHUB	id:	VHN-59047
db:	BID	id:	58501
db:	JVNDB	id:	JVNDB-2012-006019
db:	CNNVD	id:	CNNVD-201303-371
db:	NVD	id:	CVE-2012-5766

LAST UPDATE DATE

2024-08-14T12:21:30.338000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-59047	date:	2017-08-29T00:00:00
db:	BID	id:	58501	date:	2013-03-11T00:00:00
db:	JVNDB	id:	JVNDB-2012-006019	date:	2013-07-04T00:00:00
db:	CNNVD	id:	CNNVD-201303-371	date:	2013-07-04T00:00:00
db:	NVD	id:	CVE-2012-5766	date:	2017-08-29T01:32:45.247

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-59047	date:	2013-07-03T00:00:00
db:	BID	id:	58501	date:	2013-03-11T00:00:00
db:	JVNDB	id:	JVNDB-2012-006019	date:	2013-07-04T00:00:00
db:	CNNVD	id:	CNNVD-201303-371	date:	2013-03-19T00:00:00
db:	NVD	id:	CVE-2012-5766	date:	2013-07-03T13:54:30.917