CVE-2012-5937
Summary
| CVE | CVE-2012-5937 |
|---|---|
| State | PUBLISHED |
| Assigner | ibm |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2013-04-12 19:55:01 UTC |
| Updated | 2026-04-29 01:13:23 UTC |
| Description | Unspecified vulnerability in the CLA2 server in IBM Gentran Integration Suite 4.3, Sterling Integrator 5.0 and 5.1, and Sterling B2B Integrator 5.2, as used in IBM Sterling File Gateway 1.1 through 2.2 and other products, allows remote attackers to execute arbitrary commands via unknown vectors. |
Risk And Classification
Primary CVSS: v2.0 9.3 from [email protected]
AV:N/AC:M/Au:N/C:C/I:C/A:C
Problem Types: NVD-CWE-noinfo | n/a
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
MediumAuthentication
NoneConfidentiality
CompleteIntegrity
CompleteAvailability
CompleteAV:N/AC:M/Au:N/C:C/I:C/A:C
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Ibm | Gentran Integration Suite | 4.3 | All | All | All |
| Application | Ibm | Sterling B2b Integrator | 5.2 | All | All | All |
| Application | Ibm | Sterling File Gateway | 1.1 | All | All | All |
| Application | Ibm | Sterling File Gateway | 2.0 | All | All | All |
| Application | Ibm | Sterling File Gateway | 2.1 | All | All | All |
| Application | Ibm | Sterling File Gateway | 2.2 | All | All | All |
| Application | Ibm | Sterling Integrator | 5.0 | All | All | All |
| Application | Ibm | Sterling Integrator | 5.1 | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| IC85189: Security APAR CVE-2012-5937. Sterling B2B Integrator CLA2 allows user to execute arbitrary OS commands. | af854a3a-2127-422b-91ae-364da2661108 | www-01.ibm.com | Vendor Advisory |
| Security Bulletin: Vulnerability in IBM® Sterling B2B Integrator can lead to ability to execute OS commands from CLA2 server without authentication (CVE-2012-5937). | af854a3a-2127-422b-91ae-364da2661108 | www.ibm.com | Vendor Advisory |
| IBM X-Force Exchange | af854a3a-2127-422b-91ae-364da2661108 | exchange.xforce.ibmcloud.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.