Vulnerability Details : CVE-2012-5937
Unspecified vulnerability in the CLA2 server in IBM Gentran Integration Suite 4.3, Sterling Integrator 5.0 and 5.1, and Sterling B2B Integrator 5.2, as used in IBM Sterling File Gateway 1.1 through 2.2 and other products, allows remote attackers to execute arbitrary commands via unknown vectors.
Products affected by CVE-2012-5937
- cpe:2.3:a:ibm:gentran_integration_suite:4.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:sterling_integrator:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:sterling_integrator:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:sterling_b2b_integrator:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:sterling_file_gateway:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:sterling_file_gateway:2.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:sterling_file_gateway:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:sterling_file_gateway:2.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-5937
- EPSS score: 0.55% (probability of exploitation activity in the next 30 days)
- Percentile: ~77% (the proportion of vulnerabilities that are scored at or below this level)
CVSS scores for CVE-2012-5937
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST | |
References for CVE-2012-5937
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC85189
  IBM IC85189: Security APAR CVE-2012-5937. Sterling B2B Integrator CLA2 allows user to execute arbitrary OS commands. (Vendor Advisory)
- http://www.ibm.com/support/docview.wss?uid=swg21633925
  IBM Security Bulletin: Vulnerability in IBM® Sterling B2B Integrator can lead to ability to execute OS commands from CLA2 server without authentication (CVE-2012-5937). (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80403
  IBM Sterling B2B Integrator CLA2 command execution CVE-2012-5937 Vulnerability Report