Details of VAR-201708-0255

ID

VAR-201708-0255

CVE

CVE-2015-0194

TITLE

IBM Sterling B2B Integrator and IBM Sterling File Gateway In XML External entity vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-007691

DESCRIPTION

XML External Entity (XXE) vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and IBM Sterling File Gateway 2.1 and 2.2 allows remote attackers to read arbitrary files via a crafted XML data. Multiple IBM Products are prone to an unspecified information-disclosure vulnerability. Attackers can exploit this issue to gain access to sensitive information that may lead to further attacks. IBM Sterling File Gateway is a set of file transfer software that integrates different file transfer methods and can realize secure interaction through the network

Trust: 1.98

sources: NVD: CVE-2015-0194 // JVNDB: JVNDB-2015-007691 // BID: 73401 // VULHUB: VHN-78140

AFFECTED PRODUCTS

vendor:	ibm	model:	sterling file gateway	scope:	eq	version:	2.2	Trust: 2.7
vendor:	ibm	model:	sterling b2b integrator	scope:	eq	version:	5.2	Trust: 2.7
vendor:	ibm	model:	sterling b2b integrator	scope:	eq	version:	5.1	Trust: 2.4
vendor:	ibm	model:	sterling file gateway	scope:	eq	version:	2.1	Trust: 2.4
vendor:	ibm	model:	sterling file gateway	scope:	ne	version:	2.2.5	Trust: 0.3
vendor:	ibm	model:	sterling b2b integrator	scope:	ne	version:	5.2.5.0	Trust: 0.3

sources: BID: 73401 // JVNDB: JVNDB-2015-007691 // CNNVD: CNNVD-201506-554 // NVD: CVE-2015-0194

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-0194
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-0194
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201506-554
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-78140
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-0194
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-78140
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2015-0194
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-78140 // JVNDB: JVNDB-2015-007691 // CNNVD: CNNVD-201506-554 // NVD: CVE-2015-0194

PROBLEMTYPE DATA

problemtype:

CWE-611

Trust: 1.9

sources: VULHUB: VHN-78140 // JVNDB: JVNDB-2015-007691 // NVD: CVE-2015-0194

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201506-554

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201506-554

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-007691

PATCH

title:	1699482	url:	http://www-01.ibm.com/support/docview.wss?uid=swg21699482	Trust: 0.8
title:	IT06733	url:	http://www-01.ibm.com/support/docview.wss?uid=swg1IT06733	Trust: 0.8

sources: JVNDB: JVNDB-2015-007691

EXTERNAL IDS

db:	NVD	id:	CVE-2015-0194	Trust: 2.8
db:	BID	id:	73401	Trust: 2.0
db:	JVNDB	id:	JVNDB-2015-007691	Trust: 0.8
db:	CNNVD	id:	CNNVD-201506-554	Trust: 0.6
db:	VULHUB	id:	VHN-78140	Trust: 0.1

sources: VULHUB: VHN-78140 // BID: 73401 // JVNDB: JVNDB-2015-007691 // CNNVD: CNNVD-201506-554 // NVD: CVE-2015-0194

REFERENCES

url:	http://www-01.ibm.com/support/docview.wss?uid=swg1it06733	Trust: 2.0
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21699482	Trust: 2.0
url:	http://www.securityfocus.com/bid/73401	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0194	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2015-0194	Trust: 0.8
url:	http://www.ibm.com/	Trust: 0.3

sources: VULHUB: VHN-78140 // BID: 73401 // JVNDB: JVNDB-2015-007691 // CNNVD: CNNVD-201506-554 // NVD: CVE-2015-0194

CREDITS

IBM

Trust: 0.9

sources: BID: 73401 // CNNVD: CNNVD-201506-554

SOURCES

db:	VULHUB	id:	VHN-78140
db:	BID	id:	73401
db:	JVNDB	id:	JVNDB-2015-007691
db:	CNNVD	id:	CNNVD-201506-554
db:	NVD	id:	CVE-2015-0194

LAST UPDATE DATE

2024-11-23T23:12:24.597000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-78140	date:	2017-08-14T00:00:00
db:	BID	id:	73401	date:	2015-03-26T00:00:00
db:	JVNDB	id:	JVNDB-2015-007691	date:	2017-09-05T00:00:00
db:	CNNVD	id:	CNNVD-201506-554	date:	2017-08-03T00:00:00
db:	NVD	id:	CVE-2015-0194	date:	2024-11-21T02:22:30.800

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-78140	date:	2017-08-02T00:00:00
db:	BID	id:	73401	date:	2015-03-26T00:00:00
db:	JVNDB	id:	JVNDB-2015-007691	date:	2017-09-05T00:00:00
db:	CNNVD	id:	CNNVD-201506-554	date:	2015-03-26T00:00:00
db:	NVD	id:	CVE-2015-0194	date:	2017-08-02T19:29:00.287