A recent announcement by IBM communicated that a number of our clients may be vulnerable to a security flaw in SFG/B2Bi. This is due to the use of Apache Struts within the product. The main vulnerability seems to be within the HTTP Server adapters; therefore, if you are using AS2 or other URLs, you may be exposed.
The vulnerability is marked as high for Government/Business systems, although at the moment we are not aware of any evidence of anything untoward within IBM/Sterling software.
The recommendation is to follow guidance from IBM support, register for B2B/SFG notifications, or contact us so that we can have a look at your systems and determine the best course of action.
For those technically minded
Apache Struts is a widely used open-source MVC framework for creating Java web applications. Apache Struts versions prior to 2.3.35 and 2.5.17 were originally a problem in 2018. These were addressed at the time and, in B2Bi 6.0.3.2 at least, a recommended version of 2.5.18 is being used. Recommendations have since changed, though, and now require it to be patched up to 2.5.22. The original vulnerability had the potential to execute arbitrary code on the system. The new recommendation seems to be more about a denial-of-service attack, but the older, more serious risk is still showing as active up to 2.5.20.
The original notification: https://www.ibm.com/support/pages/node/6324787
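To see which Struts level an installation actually carries, the sketch below inventories `struts2-core` jars under an install directory, including copies packaged inside WAR/EAR archives, and compares them with the versions quoted above. It is an added example, not IBM or Coliance tooling; the install root passed on the command line and the status labels are assumptions.

```python
import re
import sys
import zipfile
from pathlib import Path

# Thresholds quoted in the post above, padded to four parts for comparison.
PATCH_TARGET = (2, 5, 22, 0)      # "patched up to 2.5.22"
RCE_ACTIVE_UP_TO = (2, 5, 20, 0)  # serious risk "still showing as active up to 2.5.20"
JAR_RE = re.compile(r"struts2-core-(\d+(?:\.\d+){1,3})\.jar$")

def struts_version(name):
    """Return the version tuple encoded in a struts2-core jar name, or None."""
    m = JAR_RE.search(name)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def classify(version):
    """Map a version onto the ranges described in the post (labels are ours)."""
    if version >= PATCH_TARGET:
        return "meets-target"
    if version <= RCE_ACTIVE_UP_TO:  # conservatively includes the 2.3.x line
        return "rce-range"
    return "below-target"

def scan(root):
    """Yield (location, version, status) for each Struts core jar under root."""
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        entries = [None]  # None means: test the file's own name
        if path.suffix.lower() in (".war", ".ear") and zipfile.is_zipfile(path):
            with zipfile.ZipFile(path) as zf:
                entries = zf.namelist()  # jars bundled in the archive
        for entry in entries:
            version = struts_version(entry or path.name)
            if version:
                loc = f"{path}!{entry}" if entry else str(path)
                yield loc, version, classify(version)

if __name__ == "__main__":
    # Assumption: the B2Bi/SFG install root is given as the first argument.
    for loc, ver, status in scan(sys.argv[1]):
        print(f"{status:13} {'.'.join(map(str, ver))}  {loc}")
```

The version is read from the jar file name only, so treat the output as an inventory to check against IBM's notification rather than as proof of the patch level.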