Product Documentation
Abstract
This page contains comprehensive fix information for all Fix Packs released for IBM Sterling B2B Integrator and IBM Sterling File Gateway V6.0 and later.
Content
IBM periodically releases fix packs for download to resolve issues in IBM Sterling B2B Integrator. All IBM Sterling B2B Integrator customers should download the most recently available fix pack and apply it to their environments.
All fix packs are cumulative. Download the most recently available fix pack for the current release, then review all the fix information on that tab to fully understand the package you are downloading and installing.
Follow these steps to update your system:
Mod Pack (V6.0.0.0)
- Download the fix pack from Fix Central.
- Install the fix pack on each node in your environment. Remember that a node outage is required. You should apply the fix pack to your test environment first and run regression tests against it before applying it to production.
Mod Pack (V6.0.0.0)
Fix Pack 1 (V6.0.1.1)
Fix Pack 2 (V6.0.2.2)
| Link | Date Released | Status |
|---|---|---|
| Download |
August 24, 2018 |
Available |
Security Fixes
| APAR | Description |
| IT19020 | When installing IBM Sterling B2B Integrator using IIM, a temporary silent installation file containing clear text passwords is created. |
Regular Fixes
| APAR | Description |
| IT24560 | SOA outbound security service creates a corrupted Subjectkeyidentifier entry for short subject keys. |
| IT24323 | Add aes-ctr support that is FIPS compliant in IBM Sterling B2B Integrator. |
| IT19818 | XSS vulnerability in the queuewatcher. |
| IT25571 | Perimeter Server should allow the user to set keepalive values. |
| IT25347 | The tuning.properties are overwritten with the default values. |
| IT24202 | Cannot use "ws" in the host name of the IBM Sterling B2B Integrator Cluster environment. |
| IT24502 | The workflowlauncher.sh/cmd returns invalid wfstatus = -1 when the wf_id exceeds 2152047493. |
| IT24548 | The Alert service fails when the workflow id is greater than 2147483648. |
| IT20159 | The column in table used for Connect:Direct Server Adapter is set to small for large workflows (over 10 digits)). |
| IT19004 | Upgrade to V5261 fails but the logs do not provide any information about the failure. |
| IT19018 | IBM Sterling B2B Integrator gets installed to <installlocation>\install when using IIM. |
| IT17399 | Sap suite 3 idoc metadata builder allows passwords only with a maximum of 8 alphanumeric characters and upper case letters. |
| IT20158 | Connect:Direct Server session sets workflow ID incorrectly in the session record when the workflow ID has 10 or more digits. |
| IT16890 | Run .sh reports "gdha_start_script: not found" after installing the module. |
For instructions on installing a fix pack, refer Applying a Fix Pack topic of Sterling B2B Integrator Knowledge Center.
| Link | Date Released | Status |
|---|---|---|
| No Longer Available |
February 28, 2019 |
Superseded |
Note: This Fix Pack also contains APAR security and regular fixes from 5.2.5_19, 5.2.6.3_9, and 5.2.6.4 releases.
Security Fixes
| APAR | Description |
| IT26305 | SECURITY VULNERABILITY: UN ENCRYPTED LOGIN REQUEST |
| IT19755 | SECURITY VULNERABILITY - XML ENTITY EXPANSION (BILLION LAUGHS ATTACKS) LEADS TO DENIAL OF SERVICE |
Regular Fixes
| APAR | Description |
| IT26692 | THE STOPASI.SH DOES NOT STOP THE IBM STERLING B2B INTEGRATOR APPLICATION |
| IT27004 | THE GRAPHICAL BUSINESS PROCESS MODELER IS NO LONGER ABLE TO LIST THE BUSINESS PROCESSES |
| IT28207 | THE IBM STERLING B2B INTEGRATOR DASHBOARD RETURNS UNEXPECTEDLY TO THE HOMEPAGE AFTER A WHILE |
| IT27848 | AFTER UPGRADING TO V6.0.0.0, THE SFTP CLIENT PUT STEP IS STUCK IN WAITING_ON_IO STATE |
| IT27955 | EXIT ERROR OCCURS WHEN LOGGING OUT OF IBM STERLING FILE GATEWAY V6.0 USING GOOGLE CHROME |
| IT27881 | VULNERABLE TO NON-PERSISTENT CROSS SITE SCRIPTING ATTACKS IN GETTING OFFER DETAILS ON EBICS SERVER |
| IT27878 | VULNERABLE TO NON-PERSISTENT CROSS SITE SCRIPTING ATTACKS IN GETTING CONTRACT DETAILS ON EBICS SERVER |
| Link | Date Released | Status |
|---|---|---|
| No Longer Available |
June 20, 2019 |
Superseded |
Note: This Fix Pack also contains APAR security and regular fixes from 5.2.5_20, 5.2.6.3_10, and 5.2.6.4_1 releases.
Security Fixes
| APAR | Description |
| IT26305 | SECURITY VULNERABILITY: UNENCRYPTED LOGIN REQUEST |
| IT29305 | SECURITY VULNERABILITY-PATH TRAVERSAL |
Regular Fixes
| APAR | Description |
| IT29122 | HTTP SERVER REQUESTS HANGS AND THE NUMBER OF ACTIVE CONNECTIONS GROWS IN THE PERIMETER SERVER LOG |
| IT29363 | THE EDI CORRELATION SCREEN SHOWS BROKEN IMAGES |
| IT29025 | USER ACCOUNT SERVICES UPDATE API DOES NOT SET AUTHENTICATION TYPE TO "BOTH" |
| IT28879 | UNWANTED DATA IS POPULATED IN THE IBM STERLING B2B INTEGRATOR DASHBOARD URL |
| IT28552 | AWS S3 CLIENT GET OPERATION RECEIVES ONLY 1024 BYTES OF DATA EVEN IF THE FILE SIZE IS HIGHER |
| IT28553 | AWS S3 CLIENT PUT SERVICE SENDS THE WRONG REGION NAME IN THE AUTHORIZATION HEADER |
| IT27109 | B2BI4SPE PROCESS DATA BY DOCUMENT ENHANCEMENT NEEDS FIX FOR BACKWARD COMPATIBILITY WITH OLDER SPE VERSIONS |
| IT28203 | IBM STERLING FILE GATEWAY ROUTE BY PRODUCER DETAIL REPORT DOES NOT FILTER BASED ON PRODUCER OR CONSUMER |
| IT28644 | AFTER UPGRADE FROM V5.2.5 TO V6.0.0.1, THE NAMESPACE XMLN ATTRIBUTE IS MISSING AND DOCTODOM DOES NOT WORK CORRECTLY |
| IT27454 | UNABLE TO LOAD THE TUNING WIZARD ON NODE2 OR HIGHER FOR IBM STERLING B2B INTEGRATOR V6.0 CLUSTER ON WINDOWS SERVER |
| IT26815 | IN IBM STERLING B2B INTEGRATOR V6.0.0.0, THE LIST OF HALTED Bps (FROM TROUBLESHOOTER) DISPLAYS AN EMPTY PAGE |
| IT28845 | MAP TEST UTILITY FOR IBM STERLING B2B INTEGRATOR V6.0 DOES NOT EXECUTE DUE TO INCORRECT JAVA VERSION IN REGISTRY |
| IT27076 | UNABLE TO IMPORT CONTRACT WITH AN EMPTY SCI_CONTRACT_EXTNS XML TAG |
| Link | Date Released | Status |
|---|---|---|
| No Longer Available |
September 19, 2019 |
Superseded |
Note: This Fix Pack also contains APAR security and regular fixes from 5.2.6.3_11, 5.2.6.4_2, and 5.2.6.5 releases.
Regular Fixes
| APAR | Description |
| IT30098 | THE IBM STERLING B2B INTEGRATOR UI ALLOWS BPs WITH NAMES LONGER THAN 30 CHARACTERS BUT THE CREATE WORKFLOW API RESTRICTS TO 30 |
| LDAP AUTHENTICATION FAILS IN V6.0.1 WITH CERTAIN ENCRYPTED STRINGS | |
| IT29751 | JMS1.1 ASYNC RECEIVE ADAPTER IN IBM STERLING B2B INTEGRATOR 6.0.0.1 FAILS TO CONSUME MESSAGES FROM IBM WEBSPHERE MQ SERVER |
| IT29511 | DURING ENVELOPING, WHEN ACKNOWLEDGEMENTDETAILLEVEL IS NOT DEFINED, IT DEFAULTS TO "GROUP". CORRECT DEFAULT SHOULD BE "DATA ELEMENT" |
| IT29890 | THE PROPERTYUI.WAR CONTAINS THE OLD OJDBC7.JAR DRIVER AFTER YOU UPGRADE FROM V5.2.6.3 TO V6.0.1 |
| IT29932 | ERROR IN PERIMETER LOG FILE AFTER UPGRADE TO V6.0.0.0 |
| IT29358 | CRYPTOGRAPHIC MESSAGE SERVICE DISPLAYS AN ERROR AFTER YOU UPGRADE TO IBM STERLING B2B INTEGRATOR V6.0.0.0 |
| IT27099 | MAILBOX EXTRACT SERVICE PULLS INCORRECT DATA FROM GLOBAL MAILBOX |
| Link | Date Released | Status |
|---|---|---|
| Download |
January 21, 2020 |
Available |
Note: This Fix Pack also contains APAR security and regular fixes from 5.2.6.3_13 and 5.2.6.4_3 releases.
Security Fixes
| APAR | Description |
| HOST HEADER MANIPULATION IN IBM STERLING B2B INTEGRATOR | |
| IT30099 | SQL INJECTION IN ACCOUNT INFO PAGE |
Regular Fixes
| APAR | Description |
| IT29794 | UNHANDLED EXCEPTION OCCURS IN THE LOCAL LISTENER |
| IT30393 | IBM STERLING B2B INTEGRATOR READ SCHEDULE API RETURNS A 400 ERROR |
| IT30669 | THE NOAPP.LOG IS FILLED WITH OPSSERVERRMIIMPL.GETWFTHREAD AND WF_ID IS NULL MESSAGES |
| Link | Date Released | Status |
|---|---|---|
| Download |
July 28, 2020 |
Current |
Security Fixes
| APAR | Description |
| IT32838 | SPE REMOTE MAP TEST SSL ERROR VERSION OF JAVA RUNTIME DOES NOT SUPPORT THE TLS VERSION ON THE SERVER |
Regular Fixes
| APAR | Description |
| IT28643 | UNABLE TO CUSTOMIZE COLOR OF LOGIN FORM AFTER UPGRADING TO V6.0.0 |
| IT29356 | SIGNING OUT OF IBM MYFILEGATEWAY IN IBM STERLING B2B INTEGRATOR V6.0.1.0 USING GOOGLE CHROME DISPLAYS AN ERROR |
| IT29400 | GENCSR.SH DOES NOT WORK FOR CREATING A CERTIFICATE SIGNING REQUEST WITH SCIKS STORE TYPE |
| IT29731 | MAP TEST UTILITY COMPLETES SUCCESSFULLY WITH INCORRECT USER ID AND PASSWORD |
| IT29794 | UNHANDLED EXCEPTION OCCURS IN THE LOCAL LISTENER |
| IT29913 | WITH NIST STRICT COMPLIANCE ENABLED SSH ECDSA-SHA2-NISTP256 KEY OF LENGTH 256 IS NOT SUPPORTED |
| IT31598 | CODELISTS AND SCHEDULES UI ISSUES WITH THE LATEST VERSION OF CHROME |
| IT31879 | SINGLE SIGN ON BETWEEN IBM STERLING FILE GATEWAY AND B2B INTEGRATOR DASHBOARD IS NOT WORKING |
| IT32158 | READ AND UPDATE SCHEDULE API DISPLAY WRONG RESULTS WHEN SCHEDULE RUNS MULTIPLE TIMES IN A DAY |
| IT32627 | LWJDBC WITH ORACLE SYS_GUID() QUERY RETURNING DIFFERENT RESULT |
| IT33102 | UNABLE TO EXPORT SYSTEM CERTIFICATES WHEN FIPS MODE IS ON |
| IT32647 | LWJDBC WITH ORACLE SYS_GUID() QUERY RETURNING DIFFERENT RESULT |
| IT33394 | UPDATE DOCUMENTINPUTSTREAM AVAILABLE() METHOD FOR USE BY LARGE FILE INPUT SIZE |
| IT31933 | ISA/ISE DOCUMENTS SHOWING UP IN ITXA UI WHEN SPE DEENVELOPE SERVICE IS USED |
| IT31959 | INSTANCE DATA SCREEN SHOWS USER DOES NOT HAVE PERMISSION WHEN NAVIGATING A WORKFLOW ID THROUGH OPERATIONS -> THREAD MONITOR |
| IT33510 | SFTP SERVER LOGGING NOT SHOWING SAME RESULTS ABOUT NEGOTIATION ANYMORE AS PREVIOUS B2BI VERSIONS |
| Link | Date Released | Status |
|---|---|---|
| No Longer Available |
January 22, 2021 |
Superseded |
Note: This Fix Pack also contains APAR security and regular fixes from 5265_3 releases.
Security Fixes
| APAR | Description |
| IT35207 | CDSA SECURE+ SESSIONS CONFIGURED WITH ECDSA-BASED CIPHERS FAIL AFTER UPGRADING FROM 6.0.3.0 TO 6.0.3.3 |
| IT35358 | CAN MODIFY THE HTTP POST REQUEST AND FILL MALICIOUS VALUE IN THE DATABASE AND CAN ACCESS INFORMATION IN EBICS |
| IT35351 | SQL INJECTION IN PAGEEBICSCLIENT.GUI.HAC.PROFILELIST |
| IT35353 | CAN MODIFY THE HTTP POST REQUEST AND FILL THE MALICIOUS VALUE IN THE DATABASE |
| IT35354 | ADDITIONAL SQL CODE IS EXECUTED IF EBICS CLIENT GET HTTP COMMUNICATION IS MALICIOUSLY INJECTED |
| IT35355 | CAN INTERCEPT AND MODIFY THE HTTP POST REQUEST AND FILL THE MALICIOUS VALUE IN THE DATABASE |
| IT35356 | ADDITIONAL SQL CODE IS EXECUTED IF EBICS CLIENT GET HTTP COMMUNICATION IS MALICIOUSLY INJECTED |
Regular Fixes
| APAR | Description |
| IT34225 | HTTP SERVER ADAPTER RETURNING 200 RESPONSE FOR TRACE COMMAND WITH INVALID URI |
| IT24992 | SLOW PROCESSING OF DMI VISIBILITY EVENTS |
| IT24988 | MDN PARSING SERVICE ERRORS ON EXPERIMENTAL HEADER |
| IT24979 | CROSS-SITE SCRIPTING ISSUE IN IBM STERLING B2B INTEGRATOR DASHBOARD |
| IT24938 | OBSCURE DATA SERVICE REVEALS REAL PASSWORD IN LOG FILES WHEN DEBUG IS ON |
| IT24912 | SWIFTNET7: GREEN LIGHT FOR FAILED SWIFTNET7FILEACTFETCH, IF HTTP CONNECTION TO MEFG IS BROKEN |
| IT24705 | PASSWORD TRANSFERRED WITHOUT ENCRYPTION IN XML |
| IT24588 | ENHANCEMENT REQUEST FOR PERFORMANCE OF BP MONITORING WITH XPATH IN ICC |
| IT24591 | RFE: allowlist FUNCTION FOR ICC & IBM STERLING B2B INTEGRATOR BUSINESS PROCESS INCLUSION |
| IT24279 | SECURITY VULNERABILITY: THE JSESSIONID IS DISPLAYED IN THE URL IN IBM STERLING FILE GATEWAY VIEW |
| IT24138 | EXECUTING SAPCLASS.SH/.CMD FROM THE COMMAND LINE DOES NOT ADD THE SEGMENT VERSION TO THE RESULTING DDF FILE |
| IT23786 | TRAFFIC BY PROTOCOL REPORT AND THE COMMUNICATION SESSION DETAILS FOR INBOUND SFTP SESSION, THE PRINCIPAL IS MISSING |
| IT16643 | SUPER USERS BLOCKED FROM ACCESSING IBM STERLING B2B INTEGRATOR PROTOCOL ADAPTERS |
| IT20250 | AN ERROR OCCURS IN THE VISIBILITY.LOG FILE WHEN THE HTTP CLIENT BUSINESS PROCESS IS INVOKED WITH A PRIMARY DOCUMENT |
| IT21525 | AN ERROR OCCURRS IN THE PARTNER CONFIGURATION PAGE WHEN NIST IS SET TO TRANSITION |
| IT21967 | AN ADDITIONAL DATE LINE IS DISPLAYED IN THE SOAP RESPONSE MESSAGE CONTAINING HTTP 200 OK MESSAGE |
| IT22229 | FTP SERVER ADAPTER BECOMES SLOW AND UNRESPONSIVE |
| IT22347 | THE SOA OUTBOUND MESSAGE PROCESSING SERVICE DOES NOT APPEAR TO CONVERT THE DATE INTO 24-HOUR FORMAT |
| IT22458 | SESSION TIMEOUT DOES NOT HONOUR DEFAULT 3 MINUTES TIMEFRAME IN ANY WSMQ SERVICES OF IBM STERLING B2B INTEGRATOR |
| IT22930 | THE FLAT FILE IS PICKED UP TWICE BY THE JMS SERVICE |
| IT23426 | ALL RESOURCE VERSIONS ARE NOT IMPORTED |
| IT23447 | SOAP OUTBOUND SERVICE ALWAYS SETS "CONTENT-TYPE: TEXT/XML;CHARSET=ISO-8859-1" |
| IT23507 | THE MAILBOX EXTRACT ABORT SERVICE MODIFIES THE DATA_FLOW INCORRECTLY |
| IT23730 | CDSA SUSPEND QUEUE PROCESSING STALLS WHEN THERE ARE OVER 1000 SUSPENDED SESSIONS |
| IT32753 | FTP CLIENT-GET SERVICE WITH DELAYWAITINGONIO SET TO -1 DOES NOT WORK ON 5.2.6.3_12 |
| IT34618 | IN CHROME THE CALENDAR UNDER BUSINESS PROCESS--> ADVANCED SEARCH--> ROSETTANET IS NOT FORMATTED CORRECTLY |
| IT34968 | WORKFLOW.ACTIVITY_ENGINE.ERR_AEHELPER_OVERLAYINLINECHILDWITHPARENT3 INCORRECTLY LABELED "ERROR" |
| IT35352 | ADDITIONAL SQL CODE IS EXECUTED IF EBICS CLIENT GET HTTP COMMUNICATION IS MALICIOUSLY INJECTED |
| Link | Date Released | Status |
|---|---|---|
| Download |
July 30, 2021 |
Available |
Note: This Fix Pack also contains APAR security and regular fixes from 5265_4 releases.
Security Fixes
| APAR | Description |
| IT35348 | SECURITY VULNERABILITY: PERMISSION CONTROL SECURITY VULNERABILITIES AFFECT THE DASHBOARD UI |
| IT35458 | SECURITY VULNERABILITY: ECLIPSE JETTY PRIVILEGE ESCALATION |
| IT35605 | ACCESS CONTROL VULNERABILITY AFFECTS IBM STERLNG FILE GATEWAY (CVE-2021-20372) |
| IT35764 | SECURITY VULNERABILITY: ACCESS +C6:C20CONTROL VULNERABILITY IN DELETING A DOWNLOADED FILE |
| IT35660 | SECURITY VULNERABILITY: USER ENUMERATION VULNERABILITY IN MYFILEGATEWAY USER INTERFACE |
| IT35837 | SECURITY VULNERABILITY: SESSION FIXATION SECURITY VULNERABILITY IN FILEGATEWAY |
| IT35845 | CROSS SITE SCRIPTING VULNERABILITY 6.1 (PERSISTENT XSS) |
| IT36280 | SECURITY VULNERABILITY: MYFILEGATEWAY UI DISPLAYS SENSITIVE INFORMATION AFTER LOGOUT |
| IT36300 | SECURITY VULNERABILITY - MYFILEGATEWAY FILE-NAME COULD BE INTERCEPTED TO INJECT DISALLOWED CHARACTERS IN FILENAME |
| IT36390 | SECURITY VULNERABILITY: ACCESS CONTROL SECURITY VULNERABILITY EXISTS IN MYFILEGATEWAY USER INTERFACE |
| IT36447 | 3RD PARTY STORED CROSS SITE SCRIPTING IN IBM STERLING B2B INTEGRATOR |
| IT36570 | SECURITY VULNERABILITY: INFORMATION DISCLOSURE SECURITY VULNERABILITY IN THE DASHBOARD USER INTERFACE |
| IT36609 | SECURITY VULNERABILITY: PERSISTENT XSS SECURITY VULNERABILITY EXISTS IN THE WEB SERVICE MANAGEMENT USER INTERFACE |
| IT36688 | SECURITY VULNERABILITY: PERSISTENT XSS SECURITY VULNERABILITY EXISTS IN THE WEB SERVICE MANAGEMENT USER INTERFACE |
| IT36900 | SECURITY VULNERABILITY: PERMISSION CONTROL SECURITY VULNERABILITY EXISTS IN CREATING USER NEWS IN THE DASHBOARD USER INTERFACE |
| IT36914 | SECURITY VULNERABILITY: PERMISSION CONTROL SECURITY VULNERABILITIES EXISTS WHILE DOWNLOADING WAR FILE FROM WEB EXTENSION UTILITY |
| IT36930 | SECURITY VULNERABILITY: ACCESS CONTROL SECURITY VULNERABILITY EXISTS WHILE VIEWING THE ROSETTA NET ACTIVITIES |
| IT36951 | SECURITY VULNERABILITY: THE PAGE NLS/MESSAGE.JS ON THE HOST FOR B2B API DOES NOT RETURN X-FRAME-OPTIONS |
| IT37031 | SECURITY VULNERABILITY: STORED XSS SECURITY VULNERABILITY EXISTS IN DASHBOARD USER INTERFACE CAUSED BY NOT CHECKING SERVER NAME WHEN CREATING A PERIMETER SERVER |
| IT37615 | UPGRADE APACHE XCERCES2 J (CVSS 7.5) |
| IT37617 | UPGRADE CKEDITOR (CVSS 6.5) |
| IT37676 | SECURITY VULNERABILITY: IBM MQ IS VULNERABLE TO A DENIAL OF SERVICE ATTACK CAUSED BY AN ERROR PROCESSING CONNECTING APPLICATION |
| IT37678 | UPGRADE DATA MAPPER FOR JACKSON (CVSS 7.5) |
| IT37681 | UPGRADE XML BEAN (CVSS 9.1) |
| IT37682 | UPGRADE APACHE TOMCAT JARS (CVSS 9.8) |
| IT37683 | SECURITY VULNERABILITY: [ALL] JACKSON-DATABIND |
| IT37693 | UPDATE APACHE COMMONS BEANUTILS (CVSS 7.5) |
| IT37677 | UPGRADE JACKSON DATAFORMATS JAR (CVSS 7.5) |
| IT37913 | UPDATE BOUNCY CASTLE JAR IN GATEWAY.WAR (CVSS 9.8) |
| IT36552 | UPDATE JASPERREPORTS (CVSS 8.8) |
| IT36354 | REFLECTED CROSS-SITE SCRIPTING VULNERABILITY IN IBM STERLING B2B INTEGRATOR DISCOVERED BY THIRD PARTY |
Regular Fixes
| APAR | Description |
| IT35622 | THE SCRIPT STOPCONTAINER.SH DOES NOT WORK WHEN THE USER'S ACCOUNT NAME IS MORE THAN EIGHT CHARACTERS |
| IT32753 | FTP CLIENT SERVICES DO NOT WORK WHEN DELAYWAITINGONIO IS SET TO -1 |
| IT33075 | ERROR FOUND IN NOAPP.LOG FILE |
| IT35181 | THE FILEGATEWAY AND MYFILEGATEWAY USER INTERFACES LACK SUFFICIENT PERMISSION CONTROL |
| IT36764 | DUAL AUTHENTICATION FAILS WHEN THE SFTP REMOTE PROFILE IS UPDATED |
| IT37218 | EBICS CLIENT ISSUE WHILE PROCESSING THE HEV ORDER RESPONSE |
| IT37392 | SFTP CLIENT GET SERVICE FAILS TO DOWNLOAD MORE THAN 99 FILES IN ONE SINGLE SESSION |
| IT36929 | FILENAME FILTER IN SFTP CLIENT SERVICES IS CASE SENSITIVE |
| IT36971 | A SPECIFIC SEQUENCE OF MOUSE-CLICK ACTIONS CORRUPTS THE SYNTAX TOKEN |
| IT36975 | DELIMITER WITH THE TAB CHARACTER 0X09 IS CHANGED TO 0X00 AFTER THE MAP IS SAVED AND REOPENED |
| IT37912 | IBM WEBSPHERE MQ (PUBLICLY DISCLOSED VULNERABILITY) |
| Link | Date Released | Status |
|---|---|---|
| Download |
January 13, 2022 |
Available |
| APAR | Description |
| IT39380 | UPGRADE LOG4J TO 2.17.0 |
Fix Pack 8 (V6.0.0.8)
| Link | Date Released | Status |
|---|---|---|
| Download |
June 20, 2022 |
Current |
Security Fixes
Regular Fixes
| APAR | Description |
| IT38279 | INBOUND CD SECURE+ FAILING WITH HSM CERTIFICATE |
| IT37256 | EDIFACT ENVELOPE SERVICE DOES NOT WORK THE SAME AS THE X12 ENVELOPE SERVICE WHEN ERRORS ARE ENCOUNTERED DURING TRANSLATION |
| IT38117 | SWIFTNET7: OPEN COMMUNICATION SESSIONS AFTER TIMEOUT FOR LATE INBOUND REQUESTS |
| IT39284 | SUSPECTED DEFECT IN EDIFACTENVELOPEUNIFIED PROCESS WHEN TRYING TO RESUME A HALTED INSTANCE OF THE PROCESS |
| IT39974 | MULTIPLE SECURITY ISSUES FOR SAME MYFILEGATEWAY URL |
| IT38235 | CUSTOMIZATION LINK IS NOT ACCESSIBLE |
| IT37444 | DASHBOARD AND MAILBOX USER SESSION INFORMATION IS ARCHIVED INCORRECTLY |
| IT39527 | SFTP AUTHENTICATION CAUSING ALL CORES OF THE DB TO MAX OUT TO 100% |
| IT38065 | BANDWIDTH LIMITING POLICY TO LIMIT CONCURRENT CONNECTIONS ON SFTP SERVER IS NOT WORKING AS EXPECTED |
| IT38367 | ORPHANS CREATED IN TRANS_DATA FOR DOCUMENTS |
| IT39450 | USER CACHE GETTING CLEARED DURING IMPORT OF CERTAIN RESOURCES |
| IT38620 | CREATE TRADING PARTNER API IS UNABLE TO SAVE FEW PARAMETERS OF WEBSPHERE MQ FTE BASED LISTENING CONSUMER TYPE PARTNER |
| IT37467 | "CANNOT FIND CLASS NAME FOR OID: OID 1.2.840.113549.1.9.52" WHEN PROCESSING OFTP2 INBOUND MESSAGE |
| IT38166 | AFTER APPLYING 6.0.3.4 IFIX APAR IT37392, SFTP CLIENT GET FAILS WITH ERROR MESSAGE = [NO SUCH FILE: THE MESSAGE [XXX/ABC] IS NOT EXTRACTABLE!:] |
| IT32183 | AS2INBOUND WORKFLOW PROCESSES OUTBOUND MDN INSTEAD OF ACTUAL PAYLOAD WHENEVER EDIINTPIPELINEPARSE FAILS |
| IT39188 | SFTP CLIENT REGRESSION AFTER APPLYING V6.0.0.7 |
| IT39445 | INTERRUPTED FILE TRANSFER BEHAVES DIFFERENTLY FOR GLOBAL MAILBOX |
| IT34497 | 5265_4> SAP INBOUND ROUTE GETS CREATED AS OUTBOUND ROUTE WHEN THE LANGUAGE IS FRENCH |
| IT38302 | ICC MONITORING OF SI FAILS WITH "ORA-00920: INVALID RELATIONAL OPERATOR" AFTER SI UPGRADE FROM 5.2.6.2 TO 6.1.0.1 |
| IT39709 | SUPPORTED ORDER TYPES LISTED TWICE WHEN CONFIGURING A FILE FORMAT VIA THE EBICS CLIENT UI |
| IT37438 | SFTP CLIENT GET SERVICE WITH WILDCARD PATTERN GETS DUPLICATE SCIOBJECTID IN PROCESSDATA |
| IT41004 | HOW TO DISABLE SSH-RSA ALGORITHM IN SERVER HOST KEY ALGORITHMS LIST |
| IT41631 | ENHANCE B2B MAIL CLIENT ADAPTER FOR ACCESSING MICROSOFT EXCHANGE WITH OAUTH 2.0 |
| Link | Date Released | Status |
|---|---|---|
| Download |
April 20, 2019 |
Available |
Note: This Fix Pack also contains APAR security and regular fixes from 5.2.5_19 , 5.2.6.3_9 , 5.2.6.4_1, and 6.0.0.1 releases.
Security Fixes
| APAR | Description |
| IT28698 | SECURITY VULNERABILITY-CROSS SITE SCRIPTING: ISSUE REPORTED ON MAILBOX VIRTUAL ROOT CONFIGURATION PAGE |
| IT26305 | SECURITY VULNERABILITY-UNENCRYPTED LOGIN REQUEST |
| IT28292 | SECURITY VULNERABILITY-STORED CROSS SITE SCRIPTING IN USER NEWS MANAGEMENT |
| IT28300 | SECURITY VULNERABILITY-STORED CROSS SITE SCRIPTING IN PASSWORD POLICY MANAGEMENT |
| IT28306 | SECURITY VULNERABILITY-STORED CROSS SITE SCRIPTING IN ACCOUNT GROUP MANAGEMENT |
| IT28310 | SECURITY VURNERABILITY-STORED CROSS SITE SCRIPTING IN ACCOUNT PERMISSION MANAGEMENT |
| IT28063 | SECURITY VULNERABILITY-USER CAN ACCESS BUSINESS PROCESS DEFINITION EVEN WITHOUT THE PERMISSION TO VIEW IT |
| IT28113 | INFORMATION DISCLOSURE VULNERABILITY AFFECTS IBM STERLING B2B INTEGRATOR (CVE-2019-4377) |
| IT28166 | SECURITY VULNERABILITY-STORED CROSS SITE SCRIPTING FOR XSLT MANAGEMENT |
Regular Fixes
| APAR | Description |
| IT28644 | AFTER UPGRADE FROM V5.2.5 TO V6.0.0.1, THE NAMESPACE XMLN ATTRIBUTE IS MISSING AND DOCTODOM DOES NOT WORK CORRECTLY |
| IT28421 | INSTALL AND UPGRADE TO V5.2.6.4 FAILS IF YOU USE ORACLE SERVICE NAME OR ORACLE_JDBC_URL |
| IT28203 | IBM STERLING FILE GATEWAY ROUTE BY PRODUCER DETAIL REPORT DOES NOT FILTER ON PRODUCER/CONSUMER |
| IT27892 | AUTHENTICATION.LOG DISPLAYS INCONSISTENT LOGIN IDs |
| IT28365 | PAGE NOT FOUND OR NOT ALLOWED ERROR IN IBM STERLING FILE GATEWAY WHEN YOU ACCESS PARTICIPANTS PAGE |
| IT28643 | UNABLE TO CUSTOMIZE COLOR OF LOGIN FORM AFTER UPGRADING TO V6.0 |
| IT27454 | UNABLE TO LOAD THE TUNING WIZARD ON NODE2 OR HIGHER FOR IBM STERLING B2B INTEGRATOR V6.0 CLUSTER ON WINDOWS SERVER |
| IT27386 | UPGRADE TO IBM STERLING B2B INTEGRATOR 6.0 FAILS BECAUSE OF LOCK RECORD ON THE /EBICS_DEAD LETTER MAILBOX |
| IT27406 | HEADERDATEINCLUSION INCLUDED IN TRANSLATOR.PROPERTIES FILE IS REMOVED FROM IBM STERLING B2B INTEGRATOR |
| IT28467 | ACCESS TO PROCESS DATA IS POSSIBLE EVEN WITHOUT THE PERMISSION TO VIEW THE BUSINESS PROCESS |
| IT28468 | VERTICAL PRIVILEGE ESCALATION - XML REPORT CAN BE ACCESSED |
| IT28207 | THE IBM STERLING B2B INTEGRATOR DASHBOARD RETURNS UNEXPECTEDLY TO THE HOMEPAGE AFTER A WHILE |
| IT28177 | USER CAN ACCESS BUSINESS PROCESS DEFINITION EVEN WITHOUT THE PERMISSION TO VIEW IT |
| IT28176 | USER CAN ACCESS PRIMARY DOCUMENTS EVEN WITHOUT THE PERMISSIONS TO VIEW IT |
| IT24603 | THE IMPORT SERVICE DOES NOT DISPLAY THE STATUS AS FAILED |
| IT22462 | CREATE PARTNER API WITH PRE-EXISTING NON PARTNER USER ACCOUNT LEAVES THE PARTNER ACCOUNT INCONSISTENT |
| IT29100 | UNABLE TO ACCESS SECURE DASHBOARD AFTER UPGRADING FROM 5.2.6.3_x TO 5.2.6.4 |
Fix Pack 1 (V6.0.1.1)
| Link | Date Released | Status |
|---|---|---|
| No Longer Available |
September 19, 2019 |
Superseded |
Note: This Fix Pack also contains APAR security and regular fixes from 5.2.6.3_11, 5.2.6.4_2, 5.2.6.5, and 6.0.0.3 releases.
Regular Fixes
| APAR | Description |
| IT30098 | THE IBM STERLING B2B INTEGRATOR UI ALLOWS BPs WITH NAMES LONGER THAN 30 CHARACTERS BUT THE CREATE WORKFLOW API RESTRICTS TO 30 |
| IT29913 | ENABLING NIST STRICT COMPLIANCE SSH ECDSA-SHA2-NISTP256 KEY OF LENGTH 256 IS NOT SUPPORTED |
| IT29775 | THE SFTP CLIENT END SESSION SERVICE HANGS IN "WAITING ON IO" STATUS IN IBM STERLING B2B INTEGRATOR V6.0.1 |
| IT29554 | LDAP AUTHENTICATION FAILS IN V6.0.1 WITH CERTAIN ENCRYPTED STRINGS |
| IT29731 | MAP TEST UTILITY COMPLETES SUCCESSFULLY WITHOUT THE CORRECT USER INFORMATION (ID AND PASSWORD) |
| IT29794 | UNHANDLED EXCEPTION OCCURS IN LOCAL LISTENER WORKFLOWCOMPLETIONEVENTLISTENERS IN V6.0.1.0 |
| IT29865 | IBM STERLING B2B INTEGRATOR DASHBOARD TERMINATE HAS A DIFFERENT BEHAVIOR THAN THE CONTROLLERWORKFLOW TERMINATE ON BPs |
| IT29356 | SIGNING OUT OF MYFILEGATEWAY IN IBM STERLING B2B INTEGRATOR V6.0.1.0 USING GOOGLE CHROME DISPLAYS AN ERROR |
| IT29890 | THE PROPERTYUI.WAR CONTAINS THE OLD OJDBC7.JAR DRIVER AFTER YOU UPGRADE FROM V5.2.6.3 TO V6.0.1 |
| IT29894 | IN IBM STERLING FILE GATEWAY, THERE IS AN HOUR DELAY IN PRESENTING THE AS2 CONTRACTS IN THE CUSTOM PROTOCOL SCREENS |
Fix Pack 2 (V6.0.1.2)
Fix Pack 1 (V6.0.2.1)
| Link | Date Released | Status |
|---|---|---|
| Download |
February 07, 2020 |
Available |
Note: This Fix Pack also contains APAR security and regular fixes from 5263_13, 5264_3, and 6004 releases.
Regular Fixes
| APAR | Description |
| IT30547 | EXCEPTION OCCURRED IN READDIRECTORY; DOCUMENTNURSERY KEY BLOB NOT FOUND FOR SFTP SERVER ADAPTER |
| IT31483 | THE RESTAPICLIENT SERVICE IN STERLING B2B INTEGRATOR IS NOT HANDLING THE HTTP 200 RESPONSE |
| IT31555 | SOME REPORTS IN THE REPORT MANAGER AND REPORT SERVICE THROW REPORT GENERATION ERRORS |
| IT30621 | AFTER UPGRADE TO 5020603_9, INCORRECT LOGIN ATTEMPTS TO /MYFILEGATEWAY SHOW UNEXPECTED ERROR |
| IT31379 | WHEN DOC ENCRYPTION IS ENABLED WITH GLOBAL MAILBOX THE UPLOADED PAYLOAD FILE IS DISPLAYED AS AN EMPTY PRIMARY DOC |
| IT31598 | CODELISTS AND SCHEDULES UI ISSUES WITH THE LATEST VERSION OF CHROME |
| IT30669 | THE NOAPP.LOG IS FILLED WITH PSSERVERRMIIMPL.GETWFTHREAD AND WF_ID IS NULL MESSAGES |
| IT32002 | HTTPS THREADS STUCK AT THE OS LEVEL CAUSES HIGH CPU UTILIZATION |
| IT32161 | MYFILEGATEWAY OR FILEGATEWAY LOGIN SCREEN DOESN'T COME UP DUE TO MISSING STRUTS-HTML.TLD |
| Link | Date Released | Status |
|---|---|---|
| Download |
January 13, 2022 |
Current |
Mod Pack 2 (V6.0.2.0)
| Link | Date Released | Status |
|---|---|---|
| Download |
July 25, 2019 |
Available |
Note: This Fix Pack also contains APAR security and regular fixes from 5.2.5_20 , 5.2.6.3_10 , 6.0.0.2 and 6.0.1.0 releases.
Security Fixes
| APAR | Description |
| IT29305 | SECURITY VULNERABILITY: TRAVERSAL PATH |
| IT26305 | SECURITY VULNERABILITY: UNENCRYPTED LOGIN REQUEST |
| IT29093 | SECURITY VULNERABILITY: IBM STERLING INTEGRATOR 6.0.0.1 DISPLAYS WEBSERVER INFORMATION IN THE HTTP HEADER |
Regular Fixes
| APAR | Description |
| IT29588 | THE PROCESSES PAGE TAKES MORE THAN 2 MINUTES TO DISPLAY THE RESULTS AFTER THE INTERIM FIX |
| IT29554 | LDAP AUTHENTICATION FAILS IF THE AUTHENTICATION_POLICY.AUTHENTICATION_N.CREDENTIALS IS ENCRYPTED |
| IT24900 | THE 502 HARDWARE ERRORS ON THE ENCLOSURE MID-PLANE REPLACEMENT PREVENTS COMPLETION OF A SERVICE ACTION |
| IT29356 | SIGNING OUT OF MYFILEGATEWAY IN IBM STERLING B2B INTEGRATOR 6.0.1.0 USING GOOGLE CHROME DISPLAYS AN ERROR |
| IT29302 | DOCUMENTBUILDERFACTORY'S FEATURES USED IN DOCTODOM SERVICE AFTER INITIAL USE ARE RESET TO DEFAULT |
| IT29210 |
ORA-12899: THE VALUE ENTERED IS TOO BIG FOR SFGADMIN AND HOST_NAME
|
| IT28954 | MAILBOX_ADD USEREXIT FAILS TO LOAD DOCUMENTS CONTENT WHEN UPLOADED USING IBM STERLING FILE GATEWAY IN 6.0 |
| IT29643 |
THE SEARCH SCREEN TO UPDATE TRADING PARTNER REST API DOES NOT WORK
|
| IT29400 | GENCSR.SH DOES NOT WORK FOR CREATING A CERTIFICATE SIGNING REQUEST WITH SCIKS STORE TYPE |
| IT29710 | THE MAILBOX ASSIGNED TO AS2 RELATIONSHIPS CANNOT BE MODIFIED SINCE 5.2.5_1 |
Fix Pack 1 (V6.0.2.1)
| Link | Date Released | Status |
|---|---|---|
| Download |
November 22, 2019 |
Available |
Note: This Fix Pack also contains APAR security and regular fixes from 5.2.6.3_12, 5.2.6.4_3, 6.0.0.3, and 6.0.1.1 releases.
Security Fix
| APAR | Description |
| IT30099 | SQL INJECTION IN ACCOUNT INFO PAGE |
Regular Fixes
| APAR | Description |
| IT30365 | CUSTOMIZATION MENU USING THE DASHBOARD ALWAYS POINTS TO HTTP NO SSL EVEN WHEN YOU ACCESS IT USING SSL |
| IT30393 | IBM STERLING B2B INTEGRATOR READ SCHEDULE API RETURNS A 400 ERROR |
| IT30205 | AWS3 CLIENT FAILS IF THE EUROPEAN REGION IS SET TO EU-CENTRAL-1 |
| IT29913 | WITH NIST STRICT COMPLIANCE ENABLED, SSH ECDSA-SHA2-NISTP256 KEY OF LENGTH 256 IS NOT SUPPORTED |
| IT29890 | THE PROPERTYUI.WAR CONTAINS THE OLD OJDBC7.JAR DRIVER AFTER YOU UPGRADE FROM V5.2.6.3 TO V6.0.1 |
Fix Pack 2 (V6.0.2.2)
| Link | Date Released | Status |
|---|---|---|
| Download |
March 09, 2020 |
Current |
Note: This Fix Pack also contains APAR security and regular fixes from 5263_13 , 5.2.6.5_1 , 6.0.0.4 and 6.0.1.2 releases.
Regular Fixes
| APAR | Description |
| IT31830 | WHEN DOCUMENT ENCRYPTION IS ENABLED WITH GLOBAL MAILBOX, THE UPLOADED PAYLOAD DELIVERY TAB DISPLAYS FILESIZE AS -1 |
| IT28514 | SQL QUERY RELATED TO QUERY.GETSTATEANDSTATUS_MAIN.MSSQL HAS SLOW PERFORMANCE ERROR |
| IT28474 | SQL QUERY RELATED TO SETTING ARCHIVE DATE ON ARCHIVE_INFO HAS SLOW PERFORMANCE |
| IT28449 | SQL QUERY RELATED TO SCHEDULEINDEX BUSINESS PROCESS HAS CAUSED SLOWDOWN AND SIGNIFICANT BLOCKING |
| IT28507 | SQL QUERY RELATED TO WORKFLOW_LINKAGE HAS SLOW PERFORMANCE |
| IT29794 | UNHANDLED EXCEPTION OCCURS IN THE LOCAL LISTENER |
| IT30848 | IBM STERLING B2B INTEGRATOR TAKING DOWN THE HSM DEVICE |
| IT31250 | UNABLE TO CUSTOMIZE SKIN COLOR OF LOGIN FORM AFTER UPGRADING WITH INVALID CREDENTIALS |
| IT31011 | REPORTS FAILED WITH REPORT GENERATION ERROR IN REPORT SOURCE MANAGER AFTER INSTALLATION |
Fix Pack 3 (V6.0.2.3)
| Link | Date Released | Status |
|---|---|---|
| Download |
December 1, 2020 |
Available |
Note: This Fix Pack also contains APAR security and regular fixes from 5.2.6.5_3 and 6.0.0.5 releases.
Security Fixes
| APAR | Description |
| IT32833 | REMOTE CODE EXECUTION VIA UNAUTHENTICATED JAVA DESERIALIZATION - INTEROPHTTPSERVLET |
| IT32838 | SPE REMOTE MAP TEST SSL ERROR; VERSION OF JAVA RUNTIME DOES NOT SUPPORT THE TLS VERSION ON THE SERVER |
Regular Fixes
| APAR | Description |
| IT31966 | IN STERLING B2B INTEGRATOR FIFO ROUTING ADAPTER DOESN'T GET ENABLED |
| IT31992 | WHEN A MESSAGE IS UPLOADED ON A DATACENTER BUT EXTRACTED FROM ANOTHER THE MAILBOX EXTRACT SERVICE THROWS AN EXCEPTION |
| IT32229 | HYPERLINKS ON EDIT IMAGE SOURCE MANAGER SCREEN FOR CODELIST,XSLT,ETC ARE INCORRECTLY GENERATED IN CHROME |
| IT32302 | IBM STERLING FILE GATEWAY EVENTS MISSING ON RE-DELIVERY ATTEMPTS |
| IT32361 | WHILE SEARCHING FOR SCHEDULES, IF THE PERCENTAGE CHARACTER % IS ENTERED, THE UI SESSION TIMES OUT |
| IT32524 | SUPPRESS/REMOVE THE DEFAULT INLCUSION OF THE <MCD> FOLDER STRUCTURE IN THE HEADER DATA BY THE MQHRF2 SERVICE |
| IT32696 | MANUALLY INTERRUPTED BUSINESS PROCESSES OCCUR FROM A CLUSTER UNDER LOAD |
| IT32704 | THE REST API CLIENT SERVICE GET FAILS WHEN THE URL INCLUDES A COMMA |
| IT32705 | THE RECOVERY BUSINESS PROCESS CAN FAIL IF THE LIBERTY SERVER NODE_URL USES A HOST NAME THAT DOES NOT HAVE AN ACTIVE INTERFACE |
| IT32718 | DEPLOYER.CMD FAILING TO REMOVE FILE LISTED IN FILESTOREMOVE.TXT BECAUSE OF FORWARD SLASH IN PATH |
| IT32802 | B2B REST API GET /B2BAPIS/SVC/SSHKNOWNHOSTKEYS/ CAN RETURN EMPTY BRACKETS |
| IT32807 | CODELISTCODES REST API RETURNS SQL ERROR WHEN DEFAULT VERSION IS PART OF THE READCODELISTCODES QUERY |
| IT32812 | AFTER UPGRADE TO 6.0 AND DEPLOYMENT OF SOME WAR FILES THE HTTP SERVER ADAPTER SESSION INFORMATION IS NOT DISPLAYED |
| IT32929 | B2B DOESN'T HOLD CLUES WHEN NON-EXISTENT URI OF HTTP SERVER ADAPTER IS ACCESSED |
| IT32980 | INCORRECT VERSION SAVED WHEN CHECKING OUT MAP OR BUSINESS PROCESS FROM IBM STERLING B2B INTEGRATOR GUI |
| IT33034 | MAILBOXAS2SENDSYNCMDN IS NOT NOTIFYING A FAILURE ON THE AS2 TRANSMISSION AND THE MESSAGE SENT REMAINS LOCKED |
| IT33182 | MAILBOX DOES NOT THROW AN ERROR WHEN USING THE COMMAND SFTP CLIENT TO LIST FILES IN GLOBAL MAILBOX |
| IT34043 | THE INSTALLCUSTOMIZATION.SH IS NOT READING THE DATABASE POOL URL FROM THE CUSTOMER_OVERRIDES.PROPERTIES |
| IT34225 | HTTP SERVER ADAPTER RETURNING 200 RESPONSE FOR TRACE COMMAND WITH INVALID URI |
| AIX B2B INTEGRATOR CLUSTER NOAPP PROCESSES STILL RUN AFTER RUNNING SOFTSTOP.SH ALL AND HARDSTOP | |
| IT33314 | ERROR SENDING AN IDOC INBOUND TO SAP |
| Link | Date Released | Status |
|---|---|---|
| Download |
January 13, 2022 |
Current |
| Link | Date Released | Status |
|---|---|---|
| Download |
December 12, 2019 |
Available |
Note: This Fix Pack also contains APAR security and regular fixes from 5.2.6.3_12 , 6.0.0.3 , 6.0.1.1 , and 6.0.2.1 releases.
Security Fixes
| APAR | Description |
| IT30596 | SQL INJECTION ISSUE IN THE /GBM/ICONINFO URL |
| IT30990 | PERSISTENT CROSS-SITE XSS VULNERABILITY IN STERLING B2B INTEGRATOR PROXY SERVER CONFIGURATION |
Regular Fixes
| APAR | Description |
| IT30454 | AN INDEX FOR THE WF_ID COLUMN IS UNAVAILABLE IN THE EDIINTDOC RESULTING IN A FULL TABLE SCAN |
| IT31032 | AFTER UPGRADING FROM 5.2.6.3 TO 6.0.1 USING IIM MEMORY LEAKS CAUSED BY JGROUPS IN NOAPP JVM |
| IT30500 | REST API CLIENT SERVICE FAILS WITH A POST REQUEST FAILED ERROR |
| IT30301 | AN INCORRECT PASSWORD STRING RESULTS IN A FAILED USER ACCOUNT LOGIN |
Fix Pack 1 (V6.0.3.1)
| Link | Date Released | Status |
|---|---|---|
| Download |
February 26, 2020 |
Available |
Note: This Fix Pack also contains APAR security and regular fixes from 5263_13, 5.2.6.5_1, 6004, and 6.0.1.2 releases.
Regular Fixes
| APAR | Description |
| IT31830 | WHEN DOCUMENT ENCRYPTION IS ENABLED WITH GLOBAL MAILBOX, THE UPLOADED PAYLOAD DELIVERY TAB DISPLAYS FILESIZE AS -1 |
| IT31879 | SINGLE SIGN ON BETWEEN IBM STERLING FILE GATEWAY AND B2B INTEGRATOR DASHBOARD IS NOT WORKING ANYMORE |
| IT31598 | CODELISTS AND SCHEDULES UI ISSUES WITH THE LATEST VERSION OF CHROME |
| Link | Date Released | Status |
|---|---|---|
| Download |
May 08, 2020 |
Available |
Note: This Fix Pack also contains APAR security and regular fixes from 5263_14, 5.2.6.4_4, 5.2.6.5_2, and 6.0.2.2 releases.
Regular Fixes
| APAR | Description |
| IT31844 | WHEN USING XMLJSONTRANSFORMER SERVICE, SOME DATA TAGS ARE MISSING AND SOME DATA IS MISSING IN THE JSON FILE |
| IT32006 | NOCLASSDEFFOUNDERROR FOUND IN THE PERIMETER SERVER JARS FROM STERLING B2B INTEGRATOR |
| IT32037 | EXCEPTION JAVA.LANG.NOCLASSDEFFOUNDERROR:COM.STERLINGCOMMERCE.PERIMETER.API.NIO.PSSERVERSOCKETCHANNEL |
| IT32129 | PARTNER/USER ACCOUNT DIFFERENCES BETWEEN API UI AND DASHBOARD UI |
| IT32133 | SFTP CLIENT BEGIN SESSION HANGS WHEN THE REMOTE SERVER FORCES A PASSWORD CHANGE FOR THE USER ACCOUNT |
| IT32187 | ALERT SERVICE FAILS TO ALERT EVENT |
| IT32229 | HYPERLINKS ON EDIT IMAGE SOURCE MANAGER SCREEN FOR CODELIST,XSLT, ETC ARE INCORRECTLY GENERATED IN CHROME |
| IT32400 | THE HTTPONLY ATTRIBUTE IS NOT SET IN THE COOKIE FOR HTTPS URL-/DASHBOARD /FILEGATEWAY /MYFILEGATEWAY /MAILBOX |
| IT32425 | CANNOT CHANGE PASSWORDS LONGER THAN 28 CHARACTERS VIA THE MY ACCOUNT UI |
| IT32525 | MAILBOX MESSAGES NOT REVERTING TO EXTRACTABILITY COUNT OF 1 WHEN DOWNLOAD FAILS IN CERTAIN CIRCUMSTANCES |
| IT32537 | ERRORS CREATING STERLING FILE GATEWAY ROUTING CHANNELS WITH GLOBAL MAILBOX WHEN CONVERTING A TRADITIONAL MAILBOXPARTNER |
| IT32559 | PARTNER MIGRATION FAILED: NOT ALLOWED CONVERSION WITH VIRTUAL ROOT |
| IT32610 | ERROR IN CHANGING ROUTING TEMPLATE WHILE EDITING A ROUTING CHANNEL FOR GLOBAL MAILBOX |
| IT32647 | ERROR OCCURRED IN DOWNLOADING A FILE FROM MAILBOX UI |
| IT32513 | UNABLE TO OVERRIDE VALUES FROM EVENTSCHEMA.PROPERTIES IN THE CUSTOMIZATION UI |
| IT25439 | MAIL CLIENT ADAPTER FAILURE DUE TO INCORRECT EMAIL NOT PROCESSED BY THE ONFAULT STEP IN THE BUSINESS PROCESS |
| Link | Date Released | Status |
|---|---|---|
| Download |
November 13, 2020 |
Available |
Security Fixes
| APAR | Description |
| IT32833 | REMOTE CODE EXECUTION VIA UNAUTHENTICATED JAVA DESERIALIZATION INTEROPHTTPSERVLET |
| IT34170 | SECURITY VULENRABILITY - INSUFFICIENT AUTHORIZATION CONTROLS |
| IT32838 | SPE REMOTE MAP TEST SSL ERROR; VERSION OF JAVA RUNTIME DOES NOT SUPPORT THE TLS VERSION ON THE SERVER |
| IT33724 | GLOG COOKIE DOES NOT HAVE SECURE OR HTTPONLY FLAG ON |
Regular Fixes
| APAR | Description |
| IT30669 | THE NOAPP.LOG IS FILLED WITH OPSSERVERRMIIMPL.GETWFTHREAD AND WF_ID IS NULL MESSAGES |
| IT32006 | NOCLASSDEFFOUNDERROR FOUND IN THE PERIMETER SERVER JARS FROM IBM STERLING B2B INTEGRATOR |
| IT32037 | EXCEPTION JAVA.LANG.NOCLASSDEFFOUNDERROR: COM.STERLINGCOMMERCE.PERIMETER.API.NIO.PSSERVERSOCKETCHANNEL |
| IT32786 | SPLASH PAGE LOADED FOR STERLING FILE GATEWAY AFTER UPGRADING TO 6.0.3 |
| IT33301 | SOFTSTOP.SH DOES NOT WORK IN 6.0.3 |
| IT33394 | UPDATE DOCUMENTINPUTSTREAM AVAILABLE() METHOD FOR USE |
| IT33958 | XML JSON TRANSFORMER SERVICE STAYS ACTIVE INDEFINITELY WHEN TRANSFORMING AN XML FILE TO JSON |
| IT30220 | AFTER ORACLE FAILOVER THE TABLE FG_EVENT IS NOT POPULATED |
| IT31992 | WHEN A MESSAGE IS UPLOADED ON A DATACENTER BUT EXTRACTED FROM ANOTHER THE MAILBOX EXTRACT SERVICE THROWS AN EXCEPTION |
| IT32759 | PASSWORD ISSUES WITH SPECIAL CHARACTERS |
| IT32795 | XML REPORT IS IMCOMPLETE, JAVA.LANG.CLASSCASTEXCEPTION:JAVA.LANG.LONG INCOMPATIBLE WITH JAVA.LANG.INTEGER |
| IT32980 | INCORRECT VERSION SAVED WHEN CHECKING OUT MAP, BUSINESS PROCESS, FROM IBM STERLING B2B INTEGRATOR GUI |
| IT33080 | THE MAILBOX CONFIGURATION MAXUSERSIZE USED FROM UI.PROPETIES, RATHER THAN CUSTOMER_OVERRIDES.PROPERTIES |
| IT33133 | INCONSISTENT REPORTING RESULTS FROM SFGDBCHECK.SH |
| IT33134 | REMOTE PROFILE NOT ACCEPTING ANGULAR BRACKETS IN THE PASSWORD FIELD OF CREATE/UPDATE SSH REMOTE PROFILE APIS |
| IT33167 | SFTP AND FTP CLIENT GET SERVICE WITH WILDCARD PATTERNvGETS DUPLICATE DOCUMENTIDS IN PROCESSDATA |
| IT33169 | EBICS SERVER REJECTS HVE, HVS,OR HVT ORDERS WHICH INCLUDEvFILEFORMAT IN THE ORDERPARAMS |
| IT33200 | DEBUG MODE ON SECURITY.LOG RE-ACTIVATED AFTER IBM STERLING B2BvINTEGRATOR RESTART |
| IT33214 | TUNINGFORMULA.PROPERTIES STILL SHOWS MEMORY ALLOCATION FORvACTIVEMQ |
| IT33362 | THE DEFAULT_WORKFLOW_RESTART_USER_BEHAVIOR PROPERTY NOT WORKING AS EXPECTED AFTER UPGRADING TO V6.0.3 |
| IT33480 | FAIL TO UPDATE NAME OF SYSTEM CERTIFICATE |
| IT33635 | CD REQUESTER SELECT STATISTICS REPORTS INVALID PARAMETER WHEN RECORDCATEGORY USED |
| IT33758 | MAILBOX VIRTUAL ROOT NOT CREATED WHEN ASSIGNING PRODUCER ROLE TO AN EXISTING PARTNER |
| IT33812 | CAN NOT ACCESS THE CUSTOMIZATION UI |
| IT33830 | IBMSILIBERTYPROFILE SERVICE IS NOT STAYING UP BUT CAUSES THE SLOW RENDERING OF THE DASHBOARD UI |
| IT33886 | RMI ERROR WHEN TRYING TO GET LIST OF PERIMETER SERVERS USING "APPSERVEROPS.LISTPERIMETERCLIENTS()" |
| IT34017 | RESTAPICLIENT SERVICE DOES NOT LOG REMOTE SERVER JSON RESPONSE ON ERRORS |
| IT34046 | 6.0+ B2BI MAILBOX UI HELP LINK POINTS TO 5.2 DOCUMENTATION |
| IT34223 | REMOTE PERIMETER SERVER INSTALLED FROM FIX PACK VERSION OF SI.IMETER SERVER INSTALLATION JAR REPORTS DIFFERING VERSION |
| IT34226 | INSTALLATION MANAGER DOES NOT RECOGNIZE FAILURE IN B2B UPGRADE LOGS |
| IT34322 | SSH KEY GRABBER FAILS TO GRAB KEY FROM REMOTE SFTP SERVER |
| IT34331 | ENCRYPTING DATABASE PASSWORD RESULTS IN DATABASE USER ACCOUNT GETTING LOCKED OUT |
| IT34359 | THE SCRIPT EXPORT.SH DOES NOT EXPORT ANY APPLICATION CONFIGURATION WHEN INPUT FILE USES ALL |
| IT34438 | WORKFLOWDEFINITION_GETPERSISTENCELEVEL MESSAGES FILLING UP WF.LOG |
| IT34452 | OPENSHIFT - PODS INTERNAL COMMUNICATION DONE VIA POD HOSTNAME FAILING |
| IT34453 | OPENSHIFT - DEPLOYMENT AGAINST MSSQL TLS1.2 AND SELF-SIGNED CERT NOT WORKING |
| IT34460 | THE LAST VERSION OF XSLTS IN THE EXPORT FILE BECOMES THE DEFAULT VERSION REGARDLESS OF WHICH ONE IS DEFAULT |
| IT34553 | WITH NIST TRANSITION COMPLIANCE ENABLED, SSH ECDSA-SHA2-NISTP256 KEY OF LENGTH 256 IS NOT SUPPORTED ON 6.0.3.0 |
| IT33396 | CLUSTER NODES CAN INCORRECTLY BE REPORTED AS DOWN WHEN THEY ARE UP AND RUNNING |
| IT33182 |
MAILBOX THROWS AN ERROR WHEN USING THE ls COMMAND FROM SFTP CLIENT TO LIST FILES IN GLOBAL MAILBOX
|
| Link | Date Released | Status |
|---|---|---|
| Download |
February 23, 2021 |
Available |
Security Fixes
| APAR | Description |
| IT35348 | SECURITY VULNERABILITY: PERMISSION CONTROL SECURITY VULNERABILITIES AFFECT THE DASHBOARD UI |
Regular Fixes
| APAR | Description |
| IT34720 | THE LIBERTY SERVICE SHOWS AN INCOSISTENT RUNNING STATE |
| IT24988 | MDN PARSING SERVICE ERRORS ON EXPERIMENTAL HEADER |
| IT34636 | SFTP USER EXIT FAILS WHEN GLOBAL MAILBOX IS TURNED ON FOR THE SFG ACCOUNT AND A NULLPOINTEREXCEPTION IS SEEN IN SFTPSERVER.LOG |
| IT34791 | FTP CLIENT GET SERVICE MULTIPLE DOCUMENTLIST - WAITING ON IO |
| IT34917 | POST INSTALLATION OF DOCKER AND THE STANDARDS JAR AS MENTIONED IN DOCUMENTATION, STERLING FILE GATEWAY GETS ENABLED |
| IT34782 | UNABLE TO USE THE CUSTOMIZATION UI API TO OVERRIDE THE X12ENVELOPEUNIFIED BUSINESS PROCESS |
| IT34662 | AN INVALID OR ILLEGAL XML CHARACTER IS SPECIFIED WHEN B2B FUNC CLIENT ADAPTER USED IN COMBINATION WITH STATUS_RPT XPATH |
| IT31929 | IBM STERLING B2B INTEGRATOR HAS SLOW FILE TRANSFER DOWNLOAD VIA THE SFTP CLIENT GET SERVICE |
| IT32753 | FTP CLIENT-GET SERVICE WITH DELAYWAITINGONIO SET TO -1 DOES NOT WORK ON 5.2.6.3_12 |
| IT34972 | AWS S3 CLIENT GET OPERATION FAILS WHEN NO EXTENSION EXISTS IN FILENAME/FILELIST/FILEPATTERN |
| IT35077 | WE CAN'T PERSIST A DOCUMENT TO THE DOCUMENT TABLE BECAUSE THE WF ID IS TOO LONG AND WON'T BOX INTO AN INT |
| IT35212 | THE APPLICATION FAILED TO INVALIDATE THE SESSION IDENTIFIER WHEN AN ACCESS CONTROL CHANGE OCCURS |
| IT35721 | IBM STERLING B2B INTEGRATOR USES THE AFFECTED FUNCTIONALITY WITHIN XSTREAM LIBRARIES FOR CVE-2020-26217 |
| Link | Date Released | Status |
|---|---|---|
| Download |
October 05, 2021 |
Available |
Note: This Fix Pack also contains APAR security and regular fixes from 6007.
Security Fixes
| APAR | Description |
| IT37862 | B2BIAPIS --> SECOND_ORDER_SQL_INJECTION |
| IT36930 | SECURITY VULNERABILITY: ACCESS CONTROL SECURITY VULNERABILITY EXISTS WHILE VIEWING THE ROSETTA NET ACTIVITIES |
| IT35837 | SECURITY VULNERABILITY: SESSION FIXATION SECURITY VULNERABILITY IN FILEGATEWAY |
| IT37912 | IBM WEBSPHERE MQ (PUBLICLY DISCLOSED VULNERABILITY) |
| IT36354 | REFLECTED CROSS-SITE SCRIPTING VULNERABILITY IN IBM STERLING B2B INTEGRATOR DISCOVERED BY THIRD PARTY |
| IT35348 | SECURITY VULNERABILITY: PERMISSION CONTROL SECURITY VULNERABILITIES AFFECT THE DASHBOARD UI |
| IT37678 | UPGRADE DATA MAPPER FOR JACKSON (CVSS 7.5) |
| IT37615 | UPDATE APACHE XCERCES2 J (CVSS 7.5) |
| IT37693 | UPDATE APACHE COMMONS BEANUTILS (CVSS 7.5) |
| IT37848 | UPGRADE LOG4J (CVSS 7.8) |
| IT37681 | UPGRADE XML BEAN (CVSS 9.1) |
| IT37682 | UPGRADE APACHE TOMCAT JARS (CVSS 9.8) |
| IT36552 | UPDATE JASPERREPORTS (CVSS 8.8) |
| IT37913 | UPDATE BOUNCY CASTLE JAR IN GATEWAY.WAR (CVSS 9.8) |
| IT37914 | UPGRADE NETTY JAR (CVSS 9.1) |
| IT36570 | SECURITY VULNERABILITY: INFORMATION DISCLOSURE SECURITY VULNERABILITY IN THE DASHBOARD USER INTERFACE |
| IT37031 | SECURITY VULNERABILITY: STORED XSS SECURITY VULNERABILITY EXISTS IN DASHBOARD USER INTERFACE CAUSED BY NOT CHECKING SERVER NAME WHEN CREATING A PERIMETER SERVER |
| IT36900 | SECURITY VULNERABILITY: PERMISSION CONTROL SECURITY VULNERABILITY EXISTS IN CREATING USER NEWS IN THE DASHBOARD USER INTERFACE |
| IT36914 | SECURITY VULNERABILITY: PERMISSION CONTROL SECURITY VULNERABILITIES EXISTS WHILE DOWNLOADING WAR FILE FROM WEB EXTENSION UTILITY |
| IT37677 | UPGRADE JACKSON DATAFORMATS JAR (CVSS 7.5) |
| IT36688 | SECURITY VULNERABILITY: CSRF TOKEN APPEARS IN THE URLS FOR FILEGATEWAY USER INTERFACE (AFT) |
| IT36390 | SECURITY VULNERABILITY: MYFILEGATEWAY USER CAN UPLOAD THE FILE EVEN THOUGH THE UPLOAD TAB IS DISABLED |
| IT36447 | 3RD PARTY STORED CROSS SITE SCRIPTING IN IBM STERLING B2B INTEGRATOR |
| IT36609 | SECURITY VULNERABILITY: PERSISTENT XSS SECURITY VULNERABILITY EXISTS IN THE WEB SERVICE MANAGEMENT USER INTERFACE |
| IT36300 | SECURITY VULNERABILITY - MYFILEGATEWAY FILE-NAME COULD BE INTERCEPTED TO INJECT DISALLOWED CHARACTERS IN FILENAME |
| IT36280 | SECURITY VULNERABILITY: MYFILEGATEWAY UI DISPLAYS SENSITIVE INFORMATION AFTER LOGOUT |
| IT35660 | SECURITY VULNERABILITY: USER ENUMERATION VULNERABILITY IN MYFILEGATEWAY USER INTERFACE |
| IT35654 | ACCESS SECURITY CONTROL VULNERABILITY AFFECTS IBM STERLING FILE GATEWAY (CVE-2021-20375) |
| IT35605 | ACCESS CONTROL VULNERABILITY AFFECTS IBM STERLNG FILE GATEWAY (CVE-2021-20372) |
| IT35181 | THE FILEGATEWAY AND MYFILEGATEWAY USER INTERFACES LACK SUFFICIENT PERMISSION CONTROL |
| IT37676 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT35845 | CROSS SITE SCRIPTING VULNERABILITY 6.1 (PERSISTENT XSS) |
| IT37859 | UPGRADE XSTREAM TO 1.4.17 (CVSS 8.8) |
| IT37613 | SQL INJECTION VULNERABILITY AFFECTS DOCKER CONTAINER OF IBM STERLING B2B INTEGRATOR (CVE-2021-29798) |
| IT38149 | UPDATE JBOSS DROOLS (CVSS 7.5) |
| IT37642 | CROSS-SITE SCRIPTING VULNERABLITY AFFECTS THE DASHBOAD UI OF IBM STERLING B2B INTEGRATOR (CVE-2021-29836) |
| IT37612 | CROSS-SITE REQUEST FORGERY [3] |
| IT37597 | CROSS-SITE SCRIPTING VULNERABILITY AFFECTS THE MAILBOX USER INTERFACE OF IBM STERLING B2B INTEGRATOR (CVE-2021-29855) |
| IT37777 | UNABLE TO DISABLE SPECIFIC TLS VERSION (TLS 1.0) ON HTTP SERVER ADAPTER USING SSLHELLOPROTOCOL |
| IT37858 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT38514 | UPDATE APACHE TAGLIBS (CVSS 7.5) |
| IT38441 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT38515 | APACHE KAFKA VULNERABILITIES AFFECT THE B2B API OF IBM STERLING B2B INTEGRATOR (CVE-2017-12610, CVE-2018-1288) |
| IT38512 | UPDATE JACKSON-DATABIND JAR (CVSS 9.8) |
| IT35458 | SECURITY VULNERABILITY: ECLIPSE JETTY PRIVILEGE ESCALATION |
Regular Fixes
| APAR | Description |
| IT38166 | AFTER APPLYING 6.0.3.4 IFIX APAR IT37392, SFTP CLIENT GET FAILS WITH ERROR MESSAGE = [NO SUCH FILE: THE MESSAGE [XXX/ABC] IS NOT EXTRACTABLE! |
| IT31929 | B2BI HAS SLOW FILE TRANSFER DOWNLOAD TIMES VIA THE SFTP CLIENT GET SERVICE, IT IS 3 TIMES SLOWER THAN DOWNLOADING THE SAME FILE USING FILEZILLA |
| IT33253 | IMPLEMENTATION - NEW B2BI 6.0.1 INSTALL, THE CUSTOMIZATION UI ERROR TO CONSLOLE SSL PROTOCOL &TLS_VERSION LABEL IS NOT VALID. ONLY TLS, TLSV1, TLSV1.1 & TLSV1.2 ARE SUPPORTED |
| IT35432 | JAVA.LANG.NULLPOINTEREXCEPTION WHEN DOING A LIST USING AWSS3CLIENT |
| IT35420 | ON 6.0.3, SETTING NOAPP.DISTRIBUTIONONWEIGHT=TRUE IS CHANGING THE WFDOPTION VALUE IN THE WFD TABLE AND AFFECTS BP EXECUTION |
| IT35404 | EBICS HKD/HTD RESPONSE FORMAT ERRORS |
| IT37558 | PWDPOLICY: USER UNABLE TO RESET THEIR PASSWORD |
| IT38145 | SUPPORT FOR AES-192/CBC/PKCS5 PADDING ENCRYPTION ALGORITHMS IN AS2 |
| IT36811 | FG PGP FAILURE - EXECUTION OF BP [CLEAR DOCUMENT POST PROCESSING FAILED.] FAILED, WFID:-1 |
| IT37165 | INVALID ELEMENT: USERNAME |
| IT37890 | OPSSERVERRMIIMPL.GETWFTHREAD THREADS HAVE HIGH CPU USAGE |
| IT33363 | USER LANDS ON INCORRECT DIRECTORY WHEN USERNAME HAS TRAILING SPACES |
| IT35861 | RECOVER BPML FAILURE AFTER OVERCOME THE INT WF_ID VALUE |
| IT32753 | ALL BUSINESS PROCESSES WERE ON HANG STATUS: RELATED TO SECURERANDOM |
| IT34746 | LARGE NUMBER OF ERRORS IN THE SYSTEM LOGS |
| IT36470 | INCORRECT FILEGATEWAY VERSION SHOWN IN DUMP_INFO/DASBOARD OF DOCKERIZED INSTALL |
| IT36472 | HTTP SERVER SESSION SHOWS REMOTE CLIENT PORT AS 0 |
| IT35034 | FILTER SEARCH OF MAILBOX ROUTING RULE IN EXPORT DOES NOT WORK WHEN USING AN '_' UNDERSCORE |
| IT36643 | TRADING PARTNER APIS TRUNCATING CUSTOM PROTOCOL EXTENSIONS' VALUES IF COLON SYMBOL IS PART OF EXTENSION VALUE |
| IT36772 | SFTP CLIENT MOVE SERVICE - FAILING WHEN SAME FILENAME IS ALREADY PRESENT IN REMOTE DIRECTORY |
| IT36848 | UNABLE TO ADD MORE THAN 65536 CHARACTERS IN SI MAP EXTENDED RULE. THE MAP EDITOR CRASHES |
| IT37017 | REPEATED "ERROR 000110010734 WORKFLOW.WORKFLOW.ERR_NO_MSG_EXCEP NO_MSG_EXCEP " IN SYSTEM LOG ON 6.0.1.2 |
| IT36968 | HPB ORDER TYPE EBICS CLIENT DOES RECEIVE AN INVALID XML CHARACTER (UNICODE: 0X5) WHEN SECURITY.ENC_DECR_DOCS=ENC_ALL IS SET ON EBICS SERVER SIDE |
| IT36309 | BACKUP CERTIFICATE "ASISSLCERT_DATE/TIME" WAS MISSED FROM FIX "IT33611: BACKUP SYSTEM CERTIFICATES ARE EXPIRED BUT UNABLE TO ADD TO THE CHECK EXPIRE SERVICE EXCLUSION LIST" |
| IT36298 | EDI_RECONCILE997.ERR BECAUSE OF DEADLOCKS ON THE CORRELATION_SET TABLE WITH MSSQL |
| IT37341 | NOTIFICATION ISSUE AFTER ENABLING REDELIVER AND REPLAY IN UI FOR TPS |
| IT38034 | MYFG2.0 BROKEN AFTER UPGRADE TO V6.0.3.4 |
| IT37110 | REMOVE INVALID DOMAIN URLS FROM NOAPP.PROPERTIES_PLATFORM_IFCRESOURCES_EXT |
| IT36269 | THE DEFAULTDOCUMENTSTORAGETYPE IN TUNING.PROPERTIES IS NOT UPDATED BY UI TUNING WIZARD |
| IT35803 | WHEN REMEMBER SEARCH-BY VALUES IS CHECKED UNDER ACCOUNTS > MY ACCOUNT AND THEN SEARCHING UNDER TRADING PARTNER > CODE LISTS > SEARCH BY CODE LIST NAME IT IS REMEMBERING A WILDCARD "%" AS "%" |
| IT35379 | AWSS3CLIENT / PUT SERVICE GENERATES FILES INTO THE SI INSTALL/TMP DIRECTORY WHICH ARE NOT DELETED |
| IT35473 | GOOGLE CHROME ISSUE - SSH KEYS |
| IT35367 | CANNOT ENABLE A SCHEDULE WHEN IT IS SEARCHED FOR WITH A WILDCARD % CHARACTER |
| IT34231 | DOCUMENTATION - IMPLEMENT EBICS - HSM (3S) SIGNING WITH SCONNECT |
| IT36042 | CANNOT ADD ENTRY TO CODE LIST |
| IT35851 | REST API UPDATE MAILBOX LIMITING THE USER FIELD TO 255 CHARACTERS AND THE UPDATE IS REPLACING THE EXISTING USERS |
| IT35087 | MANY 2020-10-26 01:35:16.944] ERROR 000110010846 WORKFLOW.WORKFLOW.ERR_DOCUMENT_SETUSERLIFESPAN [DOCUMENT].SETUSERLIFESPAN() UNABLE TO INSERT/UPDATE DOCUMENT USER LIFESPAN |
| IT34982 | REMOTE HOST IS INVALID. PLEASE ENTER A VALID DOMAIN NAME OR IPV4 OR IPV6 ADDRESS |
| IT34248 | DELETE STERLINGCONNECTDIRECTNETMAPXREF API |
| IT34873 | MESA ATTACHMENT ORDER CHANGED IN PROCESS DATA AFTER UPGRADE TO 6.0.3 |
| IT35267 | SBI 602 MISSING THE ROUTING RULE REST API WITHOUT SFG INSTALLED |
| IT35197 | COMMUNICATION ADAPTERS DO NOT SHOW PS OPTIONS OTHER THAN "ALL&LOCAL" |
| IT34735 | AWS S3 CLIENT SERVICE GET OPERATION DOES NOT GET THE DOCUMENTS AND LIST THEM AS PRIMARY DOCUMENTS WHEN FILE NAME PATTERN IS USED |
| IT34747 | INCORRECT CREDENTIAL TYPE SHOWN IN B2B'S COMMUNICATION SESSION UI FOR B2B SFTP SERVER CONNECTION |
| IT38168 | EBICSORDERPROCESSING IS WRITING IN FS, BUT IT SHOULD BE IN DATABASE |
| IT37342 | DYNAMIC ROUTES ARE FAILING WHEN WORKFLOWID IN B2B IS GREATER THAN JAVA INTEGER MAX_VALUE (2^31-1) |
| IT37614 | EBICS GOT DIFFERENT BEHAVIOR ON PROCESSING OF THE ORDER TYPE CCT VS FUL |
| IT32390 | GLOBAL MAILBOX EVENT RULES NOT UPDATED/DELETED WHEN FG CHANNELS ARE DELETED WITH B2BI REST API |
| IT33966 | DECOMPRESSION WHEN .ZIP HAS FILES WITH SPECIAL CHARACTERS |
| IT31959 | INSTANCE DATA SCREEN SHOWS "USER DOES NOT HAVE PERMISSION" WHEN NAVIGATING A WORKFLOW ID THRU "OPERATIONS -> THREAD MONITOR" SCREEN |
| IT35913 | XMLJSONTRANSFORMER RETURNS PROCESSDATA THAT IS NOT ACCESSIBLE WITH XPATH |
| Link | Date Released | Status |
|---|---|---|
| Download |
January 13, 2022 |
Available |
| Link | Date Released | Status |
|---|---|---|
| Download |
April 06, 2022 |
Available |
Security Fixes
| APAR | Description |
| IT38412 | PERMISSION CONTROL SECURITY VULNERABILITY EXITS IN THE MAILBOX USER INTERFACE OF IBM STERLING B2B INTEGRATOR |
| IT39357 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT39424 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT39442 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT39440 | SQL INJECTION SECURITY VULNERABILITY EXISTS IN THE DASHBOARD UI OF IBM STERLING B2B INTEGRATOR (CVE-2021-39085, CVSS 6.3) |
| IT38877 |
SECURITY VULNERABILITIES IN XSTREAM AFFECT THE B2B API OF IBM STERLING B2B INTEGRATOR
|
| IT38705 | INFORMATION DISCLOSURE SECURITY VULNERABILITY EXISTS IN THE REST B2B API IN IBM STERLING B2B INTEGRATOR |
| IT39360 | INFORMATION DISCLOSURE SECURITY VULNERABILITY EXISTS IN THE USER INTERFACE OF IBM STERLING FILE GATEWAY (DBS VERBOSE ERROR MESSAGE) (CVE-2021-39086 CVSS 4.3) |
| IT33759 | IBM STERLING B2B INTEGRATOR VULNERABLE TO CROSS-SITE AJAX REQUEST VULNERABILITY DUE TO PROTOTYPE JAVASCRIPT (CVE-2008-7220) |
| IT37287 | INFORMATION DISCLOSURE SECURITY VULNERABILITY EXISTS IN IBM STERLING B2B INTEGRATOR WEB USER INTERFACE (JETTY 404) (CVE-2021-39033 4.3) |
| IT39767 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT39434 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT39438 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT39104 | IBM STERLING B2B INTEGRATOR DASHBOARD UI IS VULNERABLE TO XSS (CVE-2021-39035) |
| IT39235 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT39433 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT39422 | IBM STERLING B2B INTEGRATOR DASHBOARD UI IS VULNERABLE TO SENSITIVE INFORMATION EXPOSURE (CVE-2021-39087) |
| IT39785 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT39737 | UPGRADE LOG4J TO 2.17.1 |
| IT38435 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
Regular Fixes
| APAR | Description |
| IT39736 | EBICS FDL/FUL IS FAILING DUE TO IN VALID PARAM COUNTRYCODE="PT", EBICS SERVER RESPOND WITH "EBICS_INVALID_ORDER_PARAMS" |
| IT39768 | USER ACCOUNTS ARE CREATED DURING THE AS2 ONBOARDING WIZARD NON-UNIQUE PASSWORD IS GENERATED |
| IT39693 | CENTRAL SEARCH SHOWING NULL AFTER UPGRADING TO 601 |
| IT38132 | COMM SESSIONS ARE NOT CLOSED WHEN SFTP SERVER IS USED WITH GLOBAL MAILBOX |
| IT38925 | EXPORT/IMPORT OF "OBSCURE DATA - PROCESS DATA VALUES" SERVICE ENDS UP CORRUPTING OBSCURED VALUES IN SERVICE CONFIG |
| IT38863 | SI 6.0.2.2 KEEP EXPERIENCING OOM DUE TO JGROUPS THREADS BLOCKING / MEMORY LEAK |
| IT37771 | ERROR "JAVAX.NAMING.COMMUNICATIONEXCEPTION [ROOT EXCEPTION IS JAVA.RMI.NOSUCHOBJECTEXCEPTION: NO SUCH OBJECT IN TABLE]" IN OPS.LOG AFTER UPGRADING TO 6.1.0.2 |
| IT39084 | REST CLIENT SERVICE POST OPERATION STRIPS OFF LINE FEED CHARACTERS FROM REQUEST DOC |
| IT39881 | EBICS A/B SIGNATURES NOT WORKING |
| IT39188 | SFTP CLIENT REGRESSION AFTER APPLYING V6.0.0.7 (I.E., AFTER APPLYING FIX OF L3REQ-1843) |
| IT39355 | AFTER UPGRADE TO SI 6.0.3.5 THE AS2 ENCRYPTION ALGORITHM: 192-BIT AES CBC WITH PKCS5 PADDING IS NOT DISPLAYED PROPERLY |
| IT39546 | DELETE PGPKEY API |
| IT39692 | HIGH CPU USAGE |
| IT39815 | THE DOCUMENT NAME ON THE PRIMARY DOCUMENT IS EMPTY ON THE FILEGATEWAYDELIVERYSERVICE IN THE FILEGATEWAYMAILBOXROUTEARRIVEDFILE BP FOR GLOBAL MAILBOX ROUTES |
| IT39243 | RESTAPICLIENT SERVICE UNABLE TO SEND CUSTOM HEADER |
| IT38732 | "UPDATE USERACCOUNT" REST API DOES NOT ACCEPT EMAIL ADDRESSES WITH TLDS OTHER THAN .COM AND .NET |
| IT39649 | UNABLE TO CREATE A ROUTE ON A SUB-MAILBOX IN GLOBAL MAILBOX IF A ROUTE ALREADY EXISTS ON ANOTHER SUB-MAILBOX UNDER THE SAME PARENT MAILBOX |
| IT39096 | UPDATE USER ACCOUNT API IS UPDATING YFS_USER.PASSWORDLASTCHANGEDON COLUMN ALTHOUGH PASSWORD WASN'T UPDATED |
| IT32183 | AS2INBOUND WORKFLOW PROCESSES OUTBOUND MDN INSTEAD OF ACTUAL PAYLOAD WHENEVER EDIINTPIPELINEPARSE FAILS |
| IT39681 | B2BI TAGLIBS (JSLT) UPGRADE FROM 1.1.2 TO 1.2.5 IN REST APIS |
| IT39174 | INCORRECT SQL QUERY IN JDBC.PROPERTIES_ODETTEFTP_EXT |
| IT39935 | FILES ARE NOT BEING REMOVED FROM FILE SHARE EVEN THOUGH THEY ARE DELETING ALL MAILBOX MESSAGES AFTER 14 DAYS WITH A BUSINESS PROCESS |
| IT39936 | NULLPOINTEREXCEPTION OCCURRED IN DELETING MESSAGE WITH MAILBOX DELETE SERVICE FOR GLOBAL MAILBOX |
| Link | Date Released | Status |
|---|---|---|
| Download |
July 11, 2022 |
Available |
Regular Fixes
| APAR | Description |
| IT41631 | ENHANCE B2B MAIL CLIENT ADAPTER FOR ACCESSING MICROSOFT EXCHANGE WITH OAUTH 2.0 |
| Link | Date Released | Status |
|---|---|---|
| Download |
September 22, 2022 |
Available |
Note: This Fix Pack also contains APAR security and regular fixes from 6008.
Security Fixes
| APAR | Description |
| IT39958 | XSS SECURITY VULNERABILITIES EXISTS IN DASHBOARD UI OF IBM STERLING B2B INTEGRATOR (DBS) |
| IT41250 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT41002 | SECURITY VULNERABILITIES IN CKEDITOR EXISTS IN B2B API OF IBM STERLING B2B INTEGRATOR (CVSS 7.6) |
| IT41026 | HTTP SESSION DOES NOT EXPIRE AFTER PASSWORD CHANGE |
| IT41085 | WILDCARD IS SPECIFIED FOR HTTP CORS HEADER IN THE B2BI API FOR IBM STERLING B2B INTEGRATOR |
| IT41715 | SPECIAL CHARACTERS CAN BE ENTERED TO A LOG FILE WITH UNSUCCESSFUL LOGIN TO DASHBOARD UI OF IBM STERLING B2B INTEGRATOR |
| IT38890 | SECURITY VULNERABILITIES IN ECLIPSE JETTY AFFECT IBM STERLING B2B INTEGRATOR (CVE-2021-34428, CVE-2021-28169, CVE-2021 CVSS 5.3) |
| IT41084 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT41291 | UPDATE SPRING FRAMEWORK (CVSS 5.4) |
| IT41370 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT41831 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT40552 | SECURITY VULNERABILITY IN XSTREAM AFFECTS IBM STERLING B2B INTEGRATOR (CVE-2021-43859 CVSS 7.5) |
| IT41032 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT39547 | SECURITY VULNERABILITY IN HTTPCLIENT AFFECTS IBM STERLING B2B INTEGRATOR (CVE-2020-13956 CVSS 5.3) |
| IT40312 | XSS SECURITY VULNERABILITIES EXISTS IN DASHBOARD UI OF IBM STERLING B2B INTEGRATOR (DBS) |
| IT41292 | JACKSON-DATABIND BEFORE 2.13.0 ALLOWS A JAVA STACKOVERFLOW EXCEPTION AND DENIAL OF SERVICE (CVE-2020-36518 CVSS 7.5) |
| IT40669 | IBM STERLING FILE GATEWAY IS VULNERABLE TO MULTIPLE ISSUES DUE TO BOUNCY CASTLE |
Regular Fixes
| APAR | Description |
| IT41672 | SQL INJECTION EXISTS IN EBICSCLIENT UI |
| IT32183 | AS2INBOUND WORKFLOW PROCESSES OUTBOUND MDN INSTEAD OF ACTUAL PAYLOAD WHENEVER EDIINTPIPELINEPARSE FAILS |
| IT40959 | REST API CLIENT SERVICE ERRORS OUT WITH STRINGINDEXOUTOFBOUNDSEXCEPTION |
| IT41157 | CREATE ROUTING CHANNEL API ALLOW DUPLICATE ROUTING CHANNEL CREATION FOR THE SAME PARTNER/TEMPLATE COMBINATION |
| IT41239 | VIOLATION OF PRIMARY KEY CONSTRAINT SCI_PK_215 ON TABLE DOCUMENT_CLONE |
| IT41362 | PASSWORD CHANGEABLE WITHOUT OLD PASSWORD |
| IT39974 | MULTIPLE SECURITY ISSUES FOR SAME MYFILEGATEWAY URL |
| IT39871 | AFTER UPGRADE V6.0.3.2 TO V6.0.3.5 BP FAILS TO DECRYPT DATA, SOA INBOUND SECURITY SERVICE POST ADVANCE ERROR GENERAL SECURITY ERROR (NO CERTIFICATES WERE FOUND FOR DECRYPTION (KEYID)) |
| IT39880 | GPM CREATED BP CHANGES IN SIZE WHEN EXPORTED/IMPORTED BP IF COMPARED IN DB |
| IT40624 | CHANGE FOR IT24003 MISSING IN 6.0.3.5_1 (AND OTHER VERSIONS) |
| IT39445 | INTERRUPTED FILE TRANSFER BEHAVES DIFFERENTLY FOR GLOBAL MAILBOX |
| IT41208 | UI LOGO NOT DISPLAYING ON WINTEL B2BI INSTALLATIONS |
| IT40841 | SFTP SERVER ADAPTER WITH GROUP NOT PREVENTING SSHKEY LOGON |
| IT40457 | SFTPCLIENT LOGGING CHANGED FROM 526 TO 61 |
| IT40683 | B2B API FOR CREATENEWAS2RELATIONSHIP NOT ADDING MAILBOX PERMISSION |
| IT41781 | AFTER UPGRADING TO SI 6.0.3.5 ON DOCKER ENVIRONMENT CUSTOMER GETS AUTHORIZATION ISSUE IN FILEGATEWAY UI |
| IT40235 | SETTING MAILBOX.MESSAGEDELETESIZE IN CUSTOMIZATION UI DOESN'T WORK WHEN SFG DISABLED |
| IT41631 | ENHANCE B2B MAIL CLIENT ADAPTER FOR ACCESSING MICROSOFT EXCHANGE WITH OAUTH 2.0 |
| IT32980 | INCORRECT VERSION SAVED WHEN CHECKING OUT MAP, BUSINESS PROCESS, FROM SI GUI - PROTOTYPE.JS NEEDLE.IRV.USTX.IBM.COM |
| IT40421 | SAP SUITE ADAPTER CONNECTION POOL EXHAUSTED. SI NEEDS TO BE RECYLCED |
| IT41148 | CD REQUESTER'S CIPHER CHOOSER SHOULD USE PROTOCOL SELECTED IN GUI |
| IT40367 | ASCII ARMOR IS DESELECTED IT STILL SHOWS AS ON WHEN VIEWING/EDITING THE PARTNER |
| IT41689 | INFORMATION IS DISCLOSED IN HTTP RESPONSE IN B2B API |
| IT41172 | INVOKE BUSINESS PROCESS FAILS WITH VIOLATION OF PRIMARY KEY CONSTRAINT 'SCI_PK_168' |
| IT41893 | OAUTH2 ERROR - B2BMAIL ADAPTER FAILED TO GET AN ACCESS TOKEN JAVA.IO.IOEXCEPTION: SERVER RETURNED HTTP RESPONSE CODE |
| Link | Date Released | Status |
|---|---|---|
| Download |
February 07, 2023 |
Available |
Security Fixes
| APAR | Description |
| IT42431 | IBM WEBSPHERE APPLICATION SERVER LIBERTY IS VULNERABLE TO HTTP HEADER INJECTION (CVE-2022-34165 CVSS 5.4) |
| IT42393 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT42394 | XSS SECURITY VULNERABILITY EXISTS IN THE MAILBOX UI OF IBM STERLING B2B INTEGRATOR (CHECKMARX) |
| IT42395 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT42443 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT42806 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT42857 | INFORMATION DISCLOSURE SECURITY VULNERABILITY EXISTS IN THE DASHBOARD OF IBM STERLING B2B INTEGRATOR - DOWNLOADING THREAD CORE DUMP |
| IT41105 | SECURITY VULNERABILITY IN APACHE XML SECURITY AFFECTS IBM STERLING B2B INTEGRATOR (CVE-2021-40690 CVSS 5.3) |
| IT41111 | XXE SECURITY VULNERABILITY IN APACHE POI AFFECTS IBM STERLING B2B INTEGRATOR (CVE-2019-12415 CVSS 5.3) |
| IT42896 | SECURITY VULNERABILITIES IN SPRING SECURITY AFFECTS IBM STERLING B2B INTEGRATOR (CVE-2022-31692, CVE-2022-22978 CVSS 8.2) |
| IT41109 | THE SECURITY VULNERABILITIES IN APACHE SANTUARIO XML SECURITY AFFECT IBM STERLING B2B INTEGRATOR (CVE-2021-40690, CVE-2014-8152 CVSS 5.3) |
| IT42222 | DENIAL OF SERVICE SECURITY VULNERABILITY IN SPRING FRAMEWORK AFFECTS B2B API OF IBM STERLING B2B INTEGRATOR (CVE-2022-22970 CVSS 6.5) |
| IT42888 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT42890 | SECURITY VULNERABILITIES IN JQUERY.JS AFFECTS EBICS CLIENT UI OF IBM STERLING B2B INTEGRATOR (CVS 7.2) |
| IT42505 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT43036 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT43034 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT41648 | SECURITY VULNERABILITY EXISTS IN SFTP SERVER ADAPTER 2.0 IN IBM STERLING B2B INTEGRATOR |
Regular Fixes
| APAR | Description |
| IT42323 | MQ ADAPTERS STATUS OUT OF SYNC BETWEEN DASHBOARD AND DATABASE |
| IT42115 | SAP OUTBOUND ALE/RFC CONNECTION PARAMETERS |
| IT37467 | "CANNOT FIND CLASS NAME FOR OID: OID 1.2.840.113549.1.9.52" WHEN PROCESSING OFTP2 INBOUND MESSAGE |
| IT42648 | NEW SUB-MAILBOX CREATED IN MAILBOXES>CONFIGURATION DOES NOT SHOW UP IN THE LIST WITHOUT REFRESHING THE PAGE |
| IT42358 | REMOVE SYNCHRONIZED BLOCK FROM THE CONHASH CONCURRENTHASHMAP IN ABSTRACTVENDOR.JAVA |
| IT42827 | OLD JARS IN THE <INSTALL_DIR>/PACKAGES DIRECTORY ARE NOT GETTING REMOVED |
| IT42511 | SLOW OR BLOCKING QUERIES ON THE DATABASE FROM THE DOCUMENT_LIFESPAN TABLE |
| IT42801 | SELF-REFLECTED CROSS SITE SCRIPTING IN RCT - DBS BANK |
| IT42800 | UI - CREATE NEW MAILBOX - SELECT FIELD |
| IT42019 | GLOBAL MAILBOX EVENTS WHICH ARE OLD ARE NOT BEING CLEARED FROM CASSANDRA TABLES |
| IT42970 | TEXT "RETURN" IS DISPLAYED TWICE ON EDIT PARTNER SCREEN INSIDE COMMUNITY |
| IT42966 | ERROR MESSAGE FOR SPECIAL CHARACTERS IS WRONG WHILE CREATING COMMUNITY NAME |
| IT42969 | PAGE NOT FOUND ERROR WHEN CLICKED ON CANCEL BUTTON ON "ADD PARTNER: CHECK IN AUTHORIZED USER KEY" SCREEN |
| Link | Date Released | Status |
|---|---|---|
| Download |
November 17, 2023 |
Current |
Security Fixes
| APAR | Description |
| IT44223 | SECURITY VULNERABILITY WITH UNCHECKED LOOP CONDITION IN IBM STERLING B2B INTEGRATOR |
| IT44198 | [ALL] IBM WEBSPHERE MQ - CVE-2023-32342 (PUBLICLY DISCLOSED VULNERABILITY) (CVSS 5.9) |
| IT44738 | SECURITY VULNERABILITY IN SPRING FRAMEWORK AFFECTS IBM STERLING B2B INTEGRATOR (CVE-2023-20863 CVSS 7.5) |
| IT42985 | INFORMATION DISCLOSURE SECURITY VULNERABILITY EXISTS IN RESOURCE IMPORTER OF IBM STERLING B2B INTEGRATOR (CVE-2023-25682 CVSS 6.2) |
| IT44222 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT44322 | SECURITY VULNERABILITY IN COMMONS-BCEL AFFECT IBM STERLING B2B INTEGRATOR (CVE-2022-42920 CVSS 9.8) |
| IT43649 | SECURITY VULNERABILITIES IN JETTISON AFFECT EBLICS CLIENT OF IBM STERLING B2B INTEGRATOR (CVE-2023-1436, CVSS 5.3) |
| IT44677 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT43308 | SECURITY VULNERABILITIES IN XSTREAM AFFECT IBM STERLING B2B INTEGRATOR (CVEID: CVE-2022-40151, 40152, 40153, 40154, 40155, 40156 CVSS 6.5) |
| IT40443 | SAMESITE IS NOT SET TO STRICT IN THE HTTP RESPONSE HEADER FOR THE UI OF IBM STERLING B2B INTEGRATOR (CVE-2023-42016 CVSS 4.3) |
| IT43591 | SECURITY VULNERABILITY IN OWASP ESAPI AFFECTS IBM STERLING B2B INTEGRATOR (CVE-2010-3300 CVSS 7.5) |
| IT43908 | [ALL] APACHE COMMONS FILEUPLOAD (PUBLICLY DISCLOSED VULNERABILITY) (CVE-2023-24998 CVS 7.5) |
| IT44559 | XSS SECURITY VULNERABILITY EXISTS IN THE DASHBOARD UI OF IBM STERLING B2B INTEGRATOR FROM DBS |
| IT43678 |
SECURITY VULNERABILITIES IN SNAKEYAML AFFECT B2B API OF IBM STERLING B2B INTEGRATOR (CVE-2017-18640, CVE-2022-25857, CVE-2022-38749, CVE-2022-38750, CVE-2022-38751, CVE-2022-38752, CVE-2022-41854, CVE-2022-1471 CVSS CVSS 8.3) |
| IT40617 | SECURITY VULNERABILITY IN JDOM AFFECTS IBM STERLING B2B INTEGRATOR (CVE-2021-33813 CVSS 5.3) |
| IT44078 | [ALL] ECLIPSE JETTY (PUBLICLY DISCLOSED VULNERABILITY) (CVE-2023-26048, CVE-2023-26049 CVSS 5.3) |
| IT43051 | CSRF SECURITY VULNERABILITY EXISTS IN ROSETTANET SEARCH IN DASHBOARD UI OF IBM STERLING B2B INTEGRATOR (CVE-2022-35638) |
| IT44185 | [ALL] APACHE STRUTS - CVE-2023-34396 (PUBLICLY DISCLOSED VULNERABILITY) (CVSS 7.5) |
| IT43937 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT44182 |
SECURITY VULNERABILITY IN SNAPPY-JAVA AFFECTS B2B API OF IBM STERLING B2B INTEGRATOR (CVE-2023-43642 CVSS 7.5)
|
| IT42828 | SECURITY VULNERABILITY IN GOOGLE GSON AFFECTS IBM STERLING B2B INTEGRATOR (CVE-2022-25647 CVSS 7.7) |
| IT43090 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT43522 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT44415 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT44092 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT43138 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT44283 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT44091 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT44311 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT43549 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT43508 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT44559 | XSS SECURITY VULNERABILITY EXISTS IN THE DASHBOARD UI OF IBM STERLING B2B INTEGRATOR FROM DBS |
| IT44452 | NO SECURITY RESPONSE HEADER FOUND IN THE HTTP RESPONSE FROM AN ADAPTER |
Regular Fixes
[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SS3JSW","label":"IBM Sterling B2B Integrator"},"Component":"","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF014","label":"iOS"},{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"}],"Version":"6.0","Edition":"","Line of Business":{"code":"LOB59","label":"Sustainability Software"}}]
Was this topic helpful?
Document Information
Modified date:
03 July 2024
UID
ibm10729175