Struts Vulnerability Notification

A recent announcement by IBM communicated that a number of our clients may be vulnerable to a security flaw in SFG/B2Bi. This is due to the use of Apache Struts within the product. The main vulnerability seems to be within the HTTP Server adapters; therefore, if you are using AS2 or other URLs, you may be exposed.

The vulnerability is marked as high for Government/Business systems, although there is no evidence of anything untoward within IBM/Sterling software that we are aware of at the moment.

The recommendation is to follow guidance from IBM support, register for B2B/SFG notifications, or contact us so that we can look at your systems and determine the best course of action.

For those technically minded

Apache Struts is a widely used open-source MVC framework for creating Java web applications. Apache Struts versions prior to 2.3.35 and 2.5.17 were originally a problem in 2018. These were addressed at the time, and in B2Bi 6.0.3.2 at least, a recommended version of 2.5.18 is being used. Recommendations have since changed, though, and Struts now needs to be patched up to 2.5.22. The original vulnerability had the potential to execute arbitrary code on the system. The new recommendation seems to be more about a Denial of Service attack, but the older, more serious risk is still showing as active up to 2.5.20.

CVE-2019-0233, CVE-2019-0230

The original notification: https://www.ibm.com/support/pages/node/6324787
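To see where an installation stands against the version thresholds quoted above, the following added example (not IBM or Coliance tooling) walks a directory for Struts core jars and classifies each one. It assumes the standard Apache artifact naming `struts2-core-<version>.jar`; the directory to scan is whatever you pass on the command line.

```python
import re
import sys
from pathlib import Path

# Thresholds are the ones stated in the article above, not an independent advisory.
RECOMMENDED = (2, 5, 22)     # "patched up to 2.5.22"
SERIOUS_UP_TO = (2, 5, 20)   # "more serious risk is still showing as active up to 2.5.20"

# Assumed file naming: struts2-core-<version>[-qualifier].jar
JAR_RE = re.compile(r"^struts2-core-(\d+(?:\.\d+)*)(?:[-.].*)?\.jar$")


def parse_version(jar_name):
    """Return the version tuple from a struts2-core jar file name, or None."""
    m = JAR_RE.match(jar_name)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))  # pad "2.5" to (2, 5, 0)


def classify(version):
    """Map a version tuple onto the article's three ranges."""
    if version <= SERIOUS_UP_TO:
        return "serious-risk-range"
    if version < RECOMMENDED:
        return "below-recommended"
    return "at-or-above-recommended"


def scan(root):
    """Return sorted (path, version, status) for each Struts core jar under root."""
    findings = []
    for jar in Path(root).rglob("struts2-core-*.jar"):
        version = parse_version(jar.name)
        if version is None:
            findings.append((str(jar), "unknown", "unparsed"))
        else:
            dotted = ".".join(map(str, version))
            findings.append((str(jar), dotted, classify(version)))
    return sorted(findings)


if __name__ == "__main__":
    for path, ver, status in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{status:26} {ver:10} {path}")
```

Jars packed inside WAR or EAR archives are not visible to a file-name walk, so an empty result does not prove Struts is absent.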
