Vulnerability Name:

CVE-2012-5937 (CCN-80403)

Assigned:2012-11-21
Published:2013-04-10
Updated:2017-08-29
Summary:Unspecified vulnerability in the CLA2 server in IBM Gentran Integration Suite 4.3, Sterling Integrator 5.0 and 5.1, and Sterling B2B Integrator 5.2, as used in IBM Sterling File Gateway 1.1 through 2.2 and other products, allows remote attackers to execute arbitrary commands via unknown vectors.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type:CWE-noinfo
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2012-5937

Source: CCN
Type: SA53007
IBM Sterling B2B Integrator Multiple Products CLA2 Server Arbitrary Command Injection Vulnerability

Source: AIXAPAR
Type: Vendor Advisory
IC85189

Source: CCN
Type: IBM Security Bulletin 1633925
Vulnerability in IBM® Sterling B2B Integrator can lead to ability to execute OS commands from CLA2 server without authentication (CVE-2012-5937)

Source: CONFIRM
Type: Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=swg21633925

Source: CCN
Type: BID-59025
IBM Sterling B2B Integrator CVE-2012-5937 Remote Command Execution Vulnerability

Source: XF
Type: UNKNOWN
sterling-b2b-cla2-execution(80403)

Source: XF
Type: UNKNOWN
sterling-b2b-command-execution(80403)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:ibm:gentran_integration_suite:4.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_b2b_integrator:5.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_file_gateway:1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_file_gateway:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_file_gateway:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_file_gateway:2.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_integrator:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_integrator:5.1:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:ibm:sterling_b2b_integrator:5.2:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    ibm gentran integration suite 4.3
    ibm sterling b2b integrator 5.2
    ibm sterling file gateway 1.1
    ibm sterling file gateway 2.0
    ibm sterling file gateway 2.1
    ibm sterling file gateway 2.2
    ibm sterling integrator 5.0
    ibm sterling integrator 5.1
    ibm sterling b2b integrator 5.2