The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service. Internet threat level: 1

IBM Sterling B2B Integrator Multiple Products CLA2 Server Arbitrary Command Injection Vulnerability

Secunia ID




Release Date

11 Apr 2013

Last Change

13 Sep 2013


Moderately Critical

Solution Status

Vendor Patch


IBM Gentran Integration Suite 4.x
IBM Sterling B2B Integrator 5.x
IBM Sterling File Gateway 1.x
IBM Sterling File Gateway 2.x


From local network

System access

This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.


A vulnerability has been reported in multiple IBM Sterling B2B Integrator products, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an error within the CLA2 server and can be exploited to inject and execute arbitrary shell commands.

The vulnerability is reported in the following products and versions:
* IBM Gentran Integration Suite version 4.3
* IBM Sterling Integrator version 5.0
* IBM Sterling Integrator version 5.1
* IBM Sterling B2B Integrator version 5.2
* IBM Sterling File Gateway version 1.1
* IBM Sterling File Gateway version 2.0
* IBM Sterling File Gateway version 2.1
* IBM Sterling File Gateway version 2.2


Gentran Integration Suite 4.3:
Sterling File Gateway 1.1:
Apply iFix 4325_1 (download from IWM)

Sterling Integrator 5.0:
Sterling File Gateway 2.0:
Apply iFix 5009_1 (download from IWM)

Sterling Integrator 5.1:
Sterling File Gateway 2.1:
Apply Fix Pack 5104 (download from IWM)

Sterling B2B Integrator 5.2:
Sterling File Gateway 2.2:
Apply iFix 5020401_2 (download from Fix Central)

Reported by

Reported by the vendor.

Original Advisory

IBM (IC85189):