Fix Readme
Abstract
This page contains comprehensive fix information for all Fix Packs released for Sterling B2B Integrator and Sterling File Gateway V6.1.0.0 and later versions.
Content
IBM periodically releases fix packs for download to resolve issues in Sterling B2B Integrator. All Sterling B2B Integrator customers should download the most recently available fix pack and apply it to their environments.
Follow these steps to update your system:
- Download the fix pack from Fix Central.
- Install the fix pack on each node in your environment. Remember that a node outage is required. You should apply the fix pack to your test environment first and run regression tests against it before applying it to production.
| Link | Date Released | Status |
|---|---|---|
| Download |
September 18, 2020 |
Available |
Note: This Fix Pack also contains APAR security and regular fixes from 5263_15, 5.2.6.4_4, 5.2.6.5_2, 6.0.2.2, and 6.0.3.2 releases.
Security Fixes
| APAR | Description |
| IT33331 | REST API CREDENTIALS ARE SHOWN IN THE LIBERTY LOGS |
| IT33520 | PERMISSION CONTROL SECURITY VULNERABILITY EXISTS IN DASHBOARD UI |
| IT33724 | GLOG COOKIE DOES NOT HAVE SECURE OR HTTPONLY FLAG ON |
| IT33753 | FTP SERVER LOGS STORE USER PASSWORDS WHEN PASS COMMAND USED VIA TELNET |
| IT33882 | A USER CAN VIEW THE DIRECTORY STRUCTURE OF STERLING B2B INTEGRATOR HOST WITHOUT PERMISSION |
| IT33991 | XSS SECURITY VULNERABILITY IN IMPORT MANAGER OF DASHBOARD UI |
| IT33523 | PERMISSION CONTROL SECURITY VULNERABILITY EXISTS IN ACCOUNT MANAGEMENT DASHBOARD UI |
| IT32838 | SPE REMOTE MAP TEST SSL ERROR VERSION OF JAVA RUNTIME DOES NOT SUPPORT THE TLS VERSION ON THE SERVER |
Regular Fixes
| APAR | Description |
| IT32280 | ERROR IN USEREXIT LOG FOR ANY USER AUTHENTICATED WITH THE REST API |
| IT32339 | CREATESCHEDULE XAPI UNABLE TO PASS NAME OR VALUE PAIRS TO SCHEDULE IN DATAXML |
| IT32786 | SPLASH PAGE LOADED FOR FILE GATEWAY AFTER UPGRADING TO 6.0.3 |
| IT33034 | MAILBOXAS2SENDSYNCMDN IS NOT NOTIFYING A FAILURE ON THE AS2 TRANSMISSION AND THE MESSAGE SENT REMAINS LOCKED |
| IT33301 | SOFTSTOP.SH DOES NOT WORK IN 6.0.3 |
| IT32812 | AFTER UPGRADE TO 6.0.1, AND DEPLOYMENT OF WAR FILES THE HTTP SERVER ADAPTER SESSION INFORMATION IS NOT DISPLAYED |
| IT32704 | THE REST API CLIENT SERVICE GET FAILS WHEN URL INCLUDES COMMA |
| IT33624 | AIX B2B INTEGRATOR CLUSTER NOAPP PROCESSES STILL RUN AFTER RUNNING SOFTSTOP.SH ALL AND HARDSTOP |
| IT33465 | JAVA.LANG.NULLPOINTEREXCEPTION IN UI.LOG WHEN CHANGING SYSTEM CERTIFICATE NAME |
| IT29000 | IF X12 EDI DATA IS 00402 OR GREATER, ENVELOPE SERVICE DOES NOT USE THE ISA 11 CHARACTER TO SEPERATE ELEMENTS MARKED REPETITIVE |
| IT32350 | UNABLE TO IMPORT THE EXPORT OF USER ACCOUNTS WITH PASSWORD POLICY INTO ANOTHER INSTANCE |
| IT33182 | MAILBOX DOES NOT THROW AN ERROR WHEN USING THE COMMAND SFTP CLIENT TO LIST FILES IN GLOBAL MAILBOX |
| IT34153 | ERROR WHEN UPGRADING IBM STERLING B2B INTEGRATOR FROM V5.2 to V6.0.x AS PART OF BTI INTEGRATION SERVICE |
| IT33958 | XML JSON TRANSFORMER SERVICE STAYS ACTIVE INDEFINITELY WHEN TRANSFORMING AN XML FILE TO JSON |
| Link | Date Released | Status |
|---|---|---|
| No Longer Available |
January 04, 2021 |
Superseded |
Note: This Fix Pack also contains APAR security and regular fixes from 6.0.3.3 and 6.0.2.3 releases.
Security Fixes
| APAR | Description |
| IT35207 | CDSA SECURE+ SESSIONS CONFIGURED WITH ECDSA-BASED CIPHERS FAIL AFTER UPGRADING FROM 6.0.3.0 TO 6.0.3.3 |
| IT35348 | SECURITY VULNERABILITY: PERMISSION CONTROL SECURITY VULNERABILITIES AFFECT THE DASHBOARD UI |
Regular Fixes
| APAR | Description |
| IT34636 | SFTP USER EXIT FAILS WHEN GLOBAL MAILBOX IS TURNED ON FOR THE SFG ACCOUNT AND A NULL POINTER EXCEPTION IS SEEN IN SFTPSERVER.LOG |
| IT32906 | CROSS-SITE SCRIPTING VULNERABILITY - /FILEGATEWAY/SMARTCLIENTRPC.DO |
| IT34961 | UNABLE TO LOG IN TO STERLING FILEGATEWAY WITH SPANISH LOCALIZATION: REFERENCE ERROR: FG_I18N IS NOT DEFINED |
| IT33335 | FILE ROUTING AND SFTP UPLOADS VIA GLOBAL MAILBOX TAKES MORE TIME THAN TRADITIONAL MAILBOX |
| IT34577 | AWSS3 CLIENT GET ACTION, NEITHER KEEPS THE DOCUMENT IN PROCESS-DATA NOR IN DOWNLOADED-FILE-NAME |
| IT34917 | POST INSTALLATION OF DOCKER AND THE STANDARDS JAR AS MENTIONED IN DOCUMENTATION STRLING FILE GATEWAY GETS ENABLED |
| IT34599 | GB18030 CHARACTERS ARE INCORRECTLY DISPLAYED |
| IT35032 | GENCON GARBAGE COLLECTION POLICY IS OUTDATED AND DOESN'T WORK WELL WITH NEWER ENVIRONMENTS |
| IT35031 | CHANGING DEFAULT VISIBILITY OF QUEUES TO 6 |
| IT34569 | GB18030 CHARACTERS DON'T DISPLAY CORRECTLY |
| IT34935 | IMPLEMENTATION OF CONNECTION POOLING FOR WSMQ SUITE |
| IT34898 | STERLING B2B INTEGRATOR 6.1 IIM INSTALL PACKAGE UI DISPLAYS UNREADABLE JAPANESE CHARACTER |
| Link | Date Released | Status |
|---|---|---|
| No Longer Available |
March 16 , 2021 |
Superseded |
Note: This Fix Pack also contains APAR security and regular fixes from 6.0.3.4 release.
Security Fixes
| APAR | Description |
| IT35181 | THE FILEGATEWAY AND MYFILEGATEWAY USER INTERFACES LACK SUFFICIENT PERMISSION CONTROL |
| IT35605 | ACCESS CONTROL VULNERABILITY AFFECTS IBM STERLNG FILE GATEWAY (CVE-2021-20372) |
| IT35654 | ACCESS SECURITY CONTROL VULNERABILITY AFFECTS IBM STERLING FILE GATEWAY (CVE-2021-20375) |
| IT35660 | SECURITY VULNERABILITY: USER ENUMERATION VULNERABILITY IN MYFILEGATEWAY USER INTERFACE |
| IT35837 | SECURITY VULNERABILITY: SESSION FIXATION SECURITY VULNERABILITY IN FILEGATEWAY |
| IT35845 | CROSS SITE SCRIPTING VULNERABILITY 6.1 (PERSISTENT XSS) |
| IT37912 | IBM WEBSPHERE MQ (PUBLICLY DISCLOSED VULNERABILITY) |
Regular Fixes
| APAR | Description |
| IT31929 | IBM STERLING B2B INTEGRATOR HAS SLOW FILE TRANSFER DOWNLOAD VIA THE SFTP CLIENT GET SERVICE |
| IT35721 | IBM STERLING B2B INTEGRATOR USES THE AFFECTED FUNCTIONALITY WITHIN XSTREAM LIBRARIES FOR CVE-2020-26217 |
| IT35738 | EMAIL ADDRESS IS INCLUDED IN HTTP RESPONSE AFTER USER LOGIN |
| IT35845 | CROSS SITE SCRIPTING VULNERABILITY 6.1 (PERSISTENT XSS) |
| IT35920 | TEMP COOKIE FROM DASHBOARD UI DOES NOT HAVE HTTPONLY OR SECURE SET |
| Link | Date Released | Status |
|---|---|---|
| Download |
June 29, 2021 |
Superseded |
Note: This Fix Pack also contains APAR security and regular fixes from 5.2.6.5_4 release.
Security Fixes
| APAR | Description |
| IT35458 | SECURITY VULNERABILITY: [ALL] ECLIPSE JETTY (PUBLICLY DISCLOSED VULNERABILITY) |
| IT36390 | SECURITY VULNERABILITY: MYFILEGATEWAY USER CAN UPLOAD THE FILE EVEN THOUGH THE UPLOAD TAB IS DISABLED |
| IT36447 | SECURITY VULNERABILITY: 3RD PARTY STORED CROSS SITE SCRIPTING IN IBM STERLING B2B INTEGRATOR |
| IT36570 | SECURITY VULNERABILITY: INFORMATION DISCLOSURE SECURITY VULNERABILITY IN THE DASHBOARD USER INTERFACE |
| IT36609 | SECURITY VULNERABILITY: PERSISTENT XSS SECURITY VULNERABILITY EXISTS IN THE WEB SERVICE MANAGEMENT USER INTERFACE |
| IT36300 | SECURITY VULNERABILITY - MYFILEGATEWAY FILE-NAME COULD BE INTERCEPTED TO INJECT DISALLOWED CHARACTERS IN FILENAME |
| IT36280 | SECURITY VULNERABILITY: MYFILEGATEWAY UI DISPLAYS SENSITIVE INFORMATION AFTER LOGOUT |
| IT38515 | APACHE KAFKA VULNERABILITIES AFFECT THE B2B API OF IBM STERLING B2B INTEGRATOR (CVE-2017-12610, CVE-2018-1288) |
| IT37914 | UPGRADE NETTY JAR (CVSS 9.1) |
| IT37682 | UPDATE APACHE TOMCAT JARS (CVSS 9.8) |
| IT37681 | UPGRADE XML BEAN (CVSS 9.1) |
| IT38512 | UPDATE JACKSON-DATABIND JAR (CVSS 9.8) |
| IT37913 | UPDATE BOUNCY CASTLE JAR IN GATEWAY.WAR (CVSS 9.8) |
| IT36552 | UPDATE JASPERREPORTS (CVSS 8.8) |
| IT36688 | SECURITY VULNERABILITY: CSRF TOKEN APPEARS IN THE URLS FOR FILEGATEWAY USER INTERFACE (AFT) |
Regular Fixes
| APAR | Description |
| IT34735 | AWS S3 CLIENT SERVICE GET OPERATION UNABLE TO GET THE DOCUMENTS AND LIST THEM AS PRIMARY DOCUMENTS |
| IT35379 | AWS S3 CLIENT SERVICE DOES NOT DELETE THE TEMPORARY FILES CREATED WHEN DOCUMENTS OR FILES ARE SENT FROM MAILBOX TO AWS S3 STORAGE |
| IT36079 | RCT CREATION USING SPECIAL CHARACTERS DOES NOT WORK IN THE SWAGGER UI |
| IT36097 | INCORRECT PATH SPECIFIED IN DECRYPT_STRING.CMD SCRIPT |
| IT36217 | UNABLE TO UPDATE THE USER ACCOUNT API WITH CUSTOM PASSWORD POLICY |
| IT36272 | V6.1 NODE2 CHECKBOX IS HIDDEN IN THE IIM INSTALLATION PANEL |
| IT36286 | THE CHECKBOX FOR DATABASE SCHEMA INFORMATION IS HIDDEN IN THE IIM INSTALLATION PANEL |
| IT36335 | FILE SYSTEM ADAPTER FAILS TO COLLECT FILENAMES WITH LATIN CHARACTERS SPECIFIC TO AIX |
| IT36649 | UNABLE TO SET THE "REVIEWED" TICK ON FILEGATEWAY IN V6.1.0.2 ON AN ARRIVED FILE |
| IT36687 | WITH NATIVE PGP, PGP PACKAGE SERVICE RESULTS IN BLANK ENCRYPTED DOCUMENT WHEN A SMALL FILE IS ENCRYPTED AND DOCUMENT STORAGE IS FILE SYSTEM |
| IT36696 | NATIVE PGP DOES NOT WORK WHEN DOCUMENT ENCRYPTION IS ENABLED |
| IT36710 | DUMPINFO OUTPUT FILE SHOWS REPETITION OF LICENSE, DBINFO, AND JVMINFO IN A WINDOWS SETUP |
| IT37063 | CONSUMER PROTOCOL IN ROUTING CHANNEL TEMPLATE IS UPDATED FROM "MAILBOX ONLY" TO "PROTOCOL OR MAILBOX" WHEN THE ROUTING CHANNEL TEMPLATE IS IMPORTED FROM V5.6.6.3 TO V6.1 |
| Link | Date Released | Status |
|---|---|---|
| Download |
November 12, 2021 |
Available |
Note: This Fix Pack also contains APAR security and regular fixes from 6.0.3.5 release.
Security Fixes
| APAR | Description |
| IT37848 | UPGRADE LOG4J (CVSS 7.8) |
| IT37693 | UPDATE APACHE COMMONS BEANUTILS (CVSS 7.5) |
| IT37615 | UPDATE APACHE XCERCES2 J (CVSS 7.5) |
| IT38514 | UPDATE APACHE TAGLIBS (CVSS 7.5) |
| IT37678 | UPGRADE DATA MAPPER FOR JACKSON (CVSS 7.5) |
| IT38149 | UPDATE JBOSS DROOLS (CVSS 7.5) |
| IT36447 | SECURITY VULNERABILITY: 3RD PARTY STORED CROSS SITE SCRIPTING IN IBM STERLING B2B INTEGRATOR |
| IT37677 | UPGRADE JACKSON DATAFORMATS JAR (CVSS 7.5) |
| IT38515 | APACHE KAFKA VULNERABILITIES AFFECT THE B2B API OF IBM STERLING B2B INTEGRATOR (CVE-2017-12610, CVE-2018-1288) |
| IT38674 | IBM STERLING B2B INTEGRATOR IS VULNERABLE TO CROSS-SITE REQUEST FORGERY (CVE-2020-4668) |
Regular Fixes
| APAR | Description |
| IT38047 | EBICS PARTNERS WITH ENTRIES IN STERLING FILE GATEWAY - PARTNERS ARE LEFT WHEN ENTRIES IN PROFILE MANAGER - PARTNER CONFIGURATION ARE DELETED |
| IT37875 | STERLING B2BI-RESTAPI-GETPAYLOADDATA FAILS IN V6.1.0.2 |
| IT37845 | USER HAVING PROBLEM LOGGING INTO MYFG2.0 AFTER CLOSING BROWSER |
| IT37843 | FILTERS MYFG2.0 |
| IT37343 | ERROR WHEN USING JMS 1,1 ACQUIRE CONNECTION AND SESSION SERVICE WITH SSL AND DESTINATION TYPE AS TOPIC |
| IT37631 | USING JDBCSERVICE.LWJDBC.WRITEDOCFORNONSELECT FUNCTION CREATES ERROR IN SYSTEM.LOG |
| IT37688 | USER RESTRICTION IN SFTP SERVER ADAPTER IS ONLY WORKING WITH PASSWORD AUTHENTICATION BUT NOT WITH PUBLIC KEY AUTHENTICATION |
| IT37718 | MISSING TRANSLATION IN THE POP-UP MESSAGE PT-BR MYFG2.0 |
| IT36708 | ROUTING CHANNELS WITH A GLOBAL MAILBOX PRODUCER CANNOT BE IMPORTED VIA THE IMPORT SERVICE IN A BP |
| IT37692 | EBICS SERVER GENERATES DUPLICATE ORDER IDS |
| IT38235 | CUSTOMIZATION LINK IS NOT ACCESSIBLE |
| IT38442 | EBICS BANK - GERMAN ORDER TYPES - TEST PARAMETER HANDLING |
| IT36996 | FILEGATEWAY RE-DLIVER USING REST API TRIGGERS TWO FILES INSTEAD OF ONE FILE CREATING DUPLICATES ON CONSUMER SIDE |
| IT38579 | MANY ENTRIES LIKE THE INSIDE SSHKEYDBINFOBASE SETTING RAW KEY AFTER UPGRADE |
| IT37296 | SBI NATIVE PGP ERROR WHEN DECRYPTING FILE FROM SYMANTEC COMMAND LINE PGP |
| IT37771 | ERROR "JAVAX.NAMING.COMMUNICATIONEXCEPTION [ROOT EXCEPTION IS JAVA.RMI.NOSUCHOBJECTEXCEPTION: NO SUCH OBJECT IN TABLE]" IN OPS.LOG AFTER UPGRADING TO 6.1.0.2 |
| IT36929 | CASE SENSITIVE ISSUE OF FILENAME FILTER IN SFTP CLIENT SERVICES 2.0 IN BP FOR ".PDF" / ".PDF" IN 6.1 VERSION |
| IT37921 | EBICS CLIENT SERVICES DOES NOT REPORT PROPERLY FAILURE STATUS |
| IT36405 | INCORRECT MQ POOLING BEHAVIOR FOR TLS CHANNELS, CONNECTIONS ARE NOT BEING RE-USED |
| IT36406 | WEBSPHERE MQ SUITE ASYNC RECEIVE ADAPTER RECONNECT FAILURE |
| IT37288 | CANNOT CREATE A CERTIFICATE CONTAINING SPACES USING REST API ALTHOUGH FROM THE DASHBOARD THEY ARE ALLOWED |
| IT38067 | AFTER UPGRADE TO 61,WSMQ ASYNCH RECEIVE ADAPTER DOESNT PULL MESSAGES WHEN QM IS LEFT BLANK |
| IT32183 | REVERT FIX FOR IT32183 - AS2INBOUND WORKFLOW PROCESSES OUTBOUND MDN INSTEAD OF ACTUAL PAYLOAD WHENEVER EDIINTPIPELINEPARSE FAILS |
| IT38091 | USERACCOUNTS LIST API ALONG WITH QUERY PARAMETERS IS THROWING AN ERROR |
| IT37208 | EDIT OF PARTNERS IN SFG NOT POSSIBLE ANYMORE WITH ITALIAN LANGUAGE SET IN BROWSER |
| IT38454 | CACHE REFRESH SERVICE NOT REFRESHING PROPERTIES DELETED VIA THE CUSTOMIZATION UI |
| IT37558 | ISSUE WITH THE DEFAULT PASSWORD POLICY ON FIRST LOGIN IN B2BI V6.1.0.1 DASHBOARD |
| IT38036 | NULLPOINTEREXCEPTION RAISED WHEN TRYING TO VIEW DATA FLOW DETAILS |
| IT38132 | COMMUNICATION SESSIONS ARE NOT CLOSED WHEN SFTP SERVER IS USED WITH GLOBAL MAILBOX |
| IT36968 | HPB ORDER TYPE EBICS CLIENT DOES RECEIVE AN INVALID XML CHARACTER (UNICODE: 0X5) WHEN SECURITY.ENC_DECR_DOCS=ENC_ALL IS SET ON EBICS SERVER SIDE |
| IT38628 | CLEAN UP THE OLD JGROUPS-3.4.0.ALPHA2.JAR |
| IT38251 | HTTP GET SERVICE SETTING INVALID CONTENT TYPE, CAUSES ERRORS WITH GLOBAL MAILBOX |
| IT38630 | IF YOU CLICK FINISH MULTIPLE TIMES IN CREATE SSH HOST KEY, MULTIPLE DUPLICATE KEYS CREATED |
| Link | Date Released | Status |
|---|---|---|
| Download |
January 13, 2022 |
Available |
Security Fixes
| APAR | Description |
| IT39380 | UPGRADE LOG4J TO 2.17.0 |
| Link | Date Released | Status |
|---|---|---|
| Download |
April 08, 2022 |
Current |
Regular Fixes
| APAR | Description |
| IT39649 | UNABLE TO CREATE A ROUTE ON A SUB-MAILBOX IN GLOBAL MAILBOX IF A ROUTE ALREADY EXISTS ON ANOTHER SUB-MAILBOX UNDER THE SAME PARENT MAILBOX |
| IT39935 | FILES ARE NOT BEING REMOVED FROM FILE SHARE EVEN THOUGH THEY ARE DELETING ALL MAILBOX MESSAGES AFTER 14 DAYS WITH A BUSINESS PROCESS |
| IT39936 | NULLPOINTEREXCEPTION OCCURRED IN DELETING MESSAGE WITH MAILBOX DELETE SERVICE FOR GLOBAL MAILBOX |
| Link | Date Released | Status |
|---|---|---|
| Download |
May 14, 2022 |
Available |
Note: This Fix Pack also contains APAR security and regular fixes from 6.0.3.6 release.
Security Fixes
| APAR | Description |
| IT39737 | UPGRADE LOG4J TO 2.17.1 |
| IT38878 | SECURITY VULNERABILITIES IN APACHE SANTURARIO AFFECT IBM STERLING B2B INTEGRATOR (CVE-2013-4517, CVE-2013-2172 CVSS 5.0) |
| IT40546 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT40945 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT40552 | IBM STERLING B2B INTEGRATOR VULNERABLE TO DENIAL OF SERVICE DUE TO XSTREAM (CVE-2021-43859) |
| IT38705 | INFORMATION DISCLOSURE SECURITY VULNERABILITY EXISTS IN THE REST B2B API IN IBM STERLING B2B INTEGRATOR |
| IT40669 | IBM STERLING FILE GATEWAY IS VULNERABLE TO MULTIPLE ISSUES DUE TO BOUNCY CASTLE |
| IT39545 | SECURITY VULNERABILITY IN APACHE COMMON IO AFFECTS IBM STERLING B2B INTEGRATOR (CVE-2021-29425 CVSS 7.5) |
Regular Fixes
| APAR | Description |
| IT39649 | UNABLE TO CREATE A ROUTE ON A SUB-MAILBOX IN GLOBAL MAILBOX IF A ROUTE ALREADY EXISTS ON ANOTHER SUB-MAILBOX UNDER THE SAME PARENT MAILBOX |
| IT38915 | TEMPLATE SEARCH FROM SFG ROUTES > CHANNELS PAGE IS BROKEN |
| IT39689 | CAN EXTERNAL PURGE PROPERTIES BY MODIFIED IN THE CUSTOMIZATION UI? |
| IT38789 | WHEN OVERRIDING A PROPERTY VALUE IN CUSTOMER_OVERRIDES IN DB / CUSTOMIZATION UI. SHOULD THE NEW VALUE BE REFLECTED ON QUEUEWATCHER / VIEW PROPERTIES? |
| IT39642 | DBVERIFY.SH FOR REGRESSION-FORCE DBVERIFY.SH RUN DIRECTLY FROM COMMAND LINE PLACE RESULTING FILES IN <INSTALL_DIR>/BIN. REGARDLESS OF USE_CONNECTION_SERVICE_FOR_DBVERIFY PARAMETER VALUE |
| IT39308 | FG FILE SHOWN AS FAILED, BUT FILE SUCCESSFULLY DELIVERED TO PARTNER |
| IT38956 | BROKEN DOCUMENT FILE ICON ON EDI CORRELATION SCREEN AFTER UPGRADE TO 6102, FROM 5263 |
| IT39987 | SI 6104_1 OFFSET ISSUE ON SI UI DASHBOARD WHILE USING CHROME BROWSER |
| IT38721 | CANNOT ACCESS CERTIFICATE CAPTURE UTILITY WITHOUT SYSTEM CERTIFICATES PERMISSION |
| IT38454 | QUEUE WATCHER NOT INCLUDING THE CUSTOMIZATION UI PROPERTIES |
| IT40230 | GET FUNCTIONALITY NOT WORKING FOR AWS S3 CLIENT ADAPTER IN WINDOWS |
| IT39664 | CANNOT USE FOLDERNAME ALONG WITH FILEPATTERN FOR AWS S3 GET ADAPTER |
| IT38947 | STERLING CONNECT DIRECT NETMAP SERVICES UPDATE AND DELETE FUNCTION SELECT THE WRONG NETMAP WHEN THE NETMAP NAMES ARE CASE SENSITIVE |
| IT39574 | THE CHINESE DASHBOARD IS GARBLED IN 6.1.0.4 |
| IT39816 | REST API ALWAYS DELETES ALL VERSIONS OF A BP EVEN WHEN YOU SELECT A SPECIFIC VERSION TO BE DELETED |
| IT38702 | TRADING PARTNER API FAILING TO UPDATE PARTNER PASSWORD |
| IT38771 | BLANK PAGE WHEN TRYING TO CREATE SFG TRADING PARTNER |
| IT38904 | BLANK PAGE WHEN EDITING A SFG TRADING PARTNER |
| IT39453 | REST API MAX. FIELD LENGTH MISMATCH |
| IT40368 | IN SBI 6010001, THE SFTP CLIENT CONNECTION USING SFTP2.0 IS SUCESSFUL EVEN IF THE KNOWN HOST KEY IS INCORRECT IN THE SSH REMOTE PROFILE |
| IT40498 | MYFG 2.0: UPLOADED FILENAME IS DISPLAYED WRONG IF THE FILE NAME CONTAINS GB18030 CHARACTERS |
| IT39445 | INTERRUPTED FILE TRANSFER BEHAVES DIFFERENTLY FOR GLOBAL MAILBOX |
| IT39236 | STERLING B2B INTEGRATOR WEBSPHEREMQ ASYNC RECEIVE ADAPTER HANGING AFTER FAILOVER |
| IT39650 | "WAITING FOR FILE TO PROCESS" POPUP KEEP SPINNING IN MYFILEGATEWAY FOR GLOBAL MAILBOX |
| IT38747 | SFTP SERVER ADAPTER (MAVERICK) REPORTING CIPHER NOT FOUND IN SERVER CIPHER LIST |
| IT38698 | UPDATE OF JAR FILE IN CUSTOM SERVICE DOES NOT WORK |
| IT38977 | UNABLE TO CHANGE FONT COLOR OF SELECTED LINK AND HOVER LINK IN B2B DASHBOARD |
| IT39974 | MULTIPLE SECURITY ISSUES FOR SAME MYFILEGATEWAY URL |
| IT39732 | SPE SERVICE IS NOT RETURNING DATA TO THE MESSAGE FROM SERVICE INSTEAD RETURNING TO THE PROCESS DATA WHEN LOAD IS HIGH |
| IT40056 | EBICS SERVER UI VERY SLOW WHEN MANY ORDER TYPES AND FILE FORMATS ARE CONFIGURED |
| IT40136 | SWIFTNET7: UPGRADE PATH FOR MEFG - LOST ABILITY TO PERFORM IN PLACE UPGRADE |
| IT40944 | PAGE NOT FOUND ERROR ON RETURNING FROM PARTNER LIST VIEW UI |
| IT39827 | MYFG2.0 ERRORS POST LOGIN |
| IT39505 | FILEGATEWAY PARTNER LIST UI IS BROKEN IN 6.1.0.3 |
| IT39992 | JVM MONITOR THREAD DUMP UTILITY WILL ONLY USE CLA2AUTH |
| IT39106 | CONTROLLERWORKFLOW SHOWN MESSAGE WORKFLOW STATE (<STATUS>) UNEXPECTED, IGNORING THIS REQUEST." |
| IT40661 | FAILS TO DOWNLOAD MESSAGES FROM DISTRIBUTED MAILBOX THROUGH B2B'S SFTP SERVER ADAPTER 2.0 CONNECTION |
| IT40684 | AWSS3EXCEPTION: ACCESS DENIED (SERVICE: AMAZON S3; STATUS CODE: 403; |
| IT37341 | NOTIFICATION ISSUE AFTER ENABLING REDELIVER AND REPLAY IN UI FOR TPS |
| IT40766 | [SFTP 2.0] INTERRUPTED FILE TRANSFER BEHAVES DIFFERENTLY FOR GLOBAL MAILBOX |
| IT40810 | PGP KEYS OF TYPE NATIVE ARE LISTED UNDER PGP PUBLIC KEYS WHEN ACCESSED USING APIS |
| Link | Date Released | Status |
|---|---|---|
| Download |
July 14, 2022 |
Available |
Regular Fixes
| APAR | Description |
| IT41631 | ENHANCE B2B MAIL CLIENT ADAPTER FOR ACCESSING MICROSOFT EXCHANGE WITH OAUTH 2.0 |
| Link | Date Released | Status |
|---|---|---|
| Download |
September 5, 2022 |
Available |
Security Fixes
| APAR | Description |
| IT41648 | SECURITY VULNERABILITY EXISTS IN SFTP SERVER ADAPTER 2.0 IN IBM STERLING B2B INTEGRATOR |
Regular Fixes
| APAR | Description |
| IT40662 | FOR SFG ARRIVEDFILE EVENTS THE DATA FLOW HYPERLINK IS NOT AVAILABLE IN FILEGATEWAY WHEN CLICKING ON THE DATA FLOW LINK IN THE ARRIVED FILE SEARCH SCREEN |
| IT41706 | GLOBAL MAILBOX - FILES UPLOADED TO ONE DC ARE NOT REPLICATED TO THE OTHER DC |
| Link | Date Released | Status |
|---|---|---|
| Download |
October 28, 2022 |
Available |
Note: This Fix Pack also contains APAR security and regular fixes from 6.0.3.7 release.
Security Fixes
| APAR | Description |
| IT40312 | XSS SECURITY VULNERABILITIES EXISTS IN DASHBOARD UI OF IBM STERLING B2B INTEGRATOR (DBS) |
| IT39958 | XSS SECURITY VULNERABILITIES EXISTS IN DASHBOARD UI OF IBM STERLING B2B INTEGRATOR (DBS) |
| IT38888 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT38884 | INVESTIGATE THE SECURITY VULNERABILITY OF APACHE COMPRESS (CVSS 7.5) |
| IT39547 | SECURITY VULNERABILITY IN HTTP CLIENT AFFECTS IBM STERLING B2B INTEGRATOR (CVE-2020-13956 CVSS 5.3) |
| IT38879 | IBM STERLING B2B INTEGRATOR IS VULNERABLE TO INFORMATION DISCLOSURE DUE TO JUNIT4 (CVE-2020-15250) |
| IT41291 | UPDATE SPRING FRAMEWORK (CVSS 5.4) |
| IT42094 | SECURITY VULNERABILITIES IN JACKSON-DATABIND EXISTS IN B2B API OF IBM STERLING B2B INTEGRATOR FROM CORE-IO JAR (CVE-2019-12384 AND OTHERS CVSS 9.8) |
| IT42188 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT42189 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT38890 | SECURITY VULNERABILITIES IN ECLIPSE JETTY AFFECT IBM STERLING B2B INTEGRATOR (CVE-2021-34428, CVE-2021-28169, CVE-2021 CVSS 5.3) |
| IT42222 | DENIAL OF SERVICE SECURITY VULNERABILITY IN SPRING FRAMEWORK AFFECTS B2B API OF IBM STERLING B2B INTEGRATOR (CVE-2022-22970 CVSS 6.5) |
| IT41672 | [DAS] SQL INJECTION SECURITY VULNERABILITY EXISTS IN EBICS UI OF IBM STERLING B2B INTEGRATOR (CVE-2022-22338 CVSS 6.3) |
| IT41689 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
Regular Fixes
| APAR | Description |
| IT36929 | CASE SENSITIVE ISSUE OF FILENAME FILTER IN SFTP CLIENT SERVICES 2.0 IN BP FOR ".PDF" / ".PDF" IN 6.1 VERSION |
| IT41771 | CHANGING ENCRYPTION STRENGTH SHOW ILLEGAL CHARACTERS WHEN BROWSER PREFERRED LANGUAGE IS CHINESE |
| IT39574 | FILE GATEWAY IS GARBLED WHEN BROWSER PREFERRED LANGUAGE IS CHINESE |
| IT41493 | XMLJSONTRANSFORMER DOCUMENTATION DOES NOT STATE IF XML DATA OF ONLY NUMERICS WILL BE OUTPUT AS STRING (IN QUOTES) OR NUMERIC (NO QUOTES) |
| IT40810 | PGP KEYS OF TYPE NATIVE ARE LISTED UNDER PGP PUBLIC KEYS WHEN ACCESSED USING APIS |
| IT41500 | UI NOT DISPLAYING ALL THE ENTRIES IN A CODE LIST IF THE COMBINATION OF SENDER AND RECEIVER RESULT IN THE SAME VALUE |
| IT40961 | ERRORS IN OPS.LOG : JAVAX.NAMING.COMMUNICATIONEXCEPTION |
| IT40746 | IF YOU CLICK FINISH MULTIPLE TIMES IN CREATE SSH USER IDENTITY KEY, MULTIPLE DUPLICATES ARE CREATED |
| IT40733 | SWIFTNET7 AIX RA 7.4 : DEPENDENT MODULE LIBSWLNK.A COULD NOT BE LOADED |
| IT41814 | CANNOT UPDATE B2B MAIL CLIENT ADAPTER INSTANCE VIA REST API IF SSL IS ENABLED AND MULTIPLE CA CERTIFICATES ARE ASSIGNED |
| IT41945 | NO MQ REASON CODES FOR MQGET EXCEPTIONS IF DEBUG DISABLED IN WEBSPHEREMQ ASYNC RECEIVE ADAPTER |
| IT41034 | REMOTE FAILS TO EXTRACT REAL FILENAME FROM B2B ENCRYPTED DOCUMENT BY NATIVEPGP PUBLIC KEY |
| IT41591 | ISSUE WHILE ENABLING AND DISABLING ADAPTERS THROUGH UI |
| IT42048 | ZIP FILE GETS CORRUPTED WHEN DOWNLOADED WITH THE REST API CLIENT SERVICE |
| IT41585 | CUSTOMER IS SOMEHOW CREATING DUPLICATE NAMED SSH USER IDENTITY KEYS AND THEN IS UNABLE TO DELETE THEM IN THE DASHBOARD GUI |
| IT41763 | FSA DOES NOT CLEAR THE LOCK. INTERMITTENT ISSUE |
| IT39445 | INTERRUPTED FILE TRANSFER BEHAVES DIFFERENTLY FOR GLOBAL MAILBOX |
| IT42192 | INSTALLING JARS OF LARGE SIZE - AWS S3 - OPENSHIFT |
| IT42183 | SMIME/CMS SIGNATURE FAILURE FOR CUSTOMER "M GROUP" WITH "CANNOT FIND CLASS NAME FOR OID: OID 1.2.840.113549.1.9.52" |
| IT42200 | AKS K8S 19.X USING HELM CHART IBM-SFG-PROD-2.0.5 TO CHANGE THE REST API POD TO USE MSSQL TLSV1.2 INSTEAD OF V1 |
| IT42245 | HELM CHART IBM-SFG-PROD-2.0.5 NOT COMPATIBLE WITH K8S 1.17.11 |
| Link | Date Released | Status |
|---|---|---|
| Download |
April 14, 2023 |
Available |
Note: This Fix Pack also contains APAR security and regular fixes from 6.0.3.8 release.
Security Fixes
| APAR | Description |
| IT43073 | [ALL] IBM WEBSPHERE MQ - CVE-2022-42436 (PUBLICLY DISCLOSED VULNERABILITY) (CVSS 4.0) |
| IT43310 | [ALL] JACKSON-DATABIND - CVE-2022-42004 (PUBLICLY DISCLOSED VULNERABILITY) (CVE-2022-42004 CVSS 6.2) |
| IT42431 | IBM WEBSPHERE APPLICATION SERVER LIBERTY IS VULNERABLE TO HTTP HEADER INJECTION (CVE-2022-34165 CVSS 5.4) |
| IT43312 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT43311 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT42890 | SECURITY VULNERABILITIES IN JQUERY.JS AFFECTS EBICS CLIENT UI OF IBM STERLING B2B INTEGRATOR (CVS 7.2) |
| IT41109 | THE SECURITY VULNERABILITIES IN APACHE SANTUARIO XML SECURITY AFFECT IBM STERLING B2B INTEGRATOR (CVE-2021-40690, CVE-2014-8152 CVSS 5.3) |
| IT41111 | XXE SECURITY VULNERABILITY IN APACHE POI AFFECTS IBM STERLING B2B INTEGRATOR (CVE-2019-12415 CVSS 5.3) |
| IT40617 | SECURITY VULNERABILITY IN JDOM AFFECTS IBM STERLING B2B INTEGRATOR (CVE-2021-33813 CVSS 5.3) |
| IT43308 | SECURITY VULNERABILITIES IN XSTREAM AFFECT IBM STERLING B2B INTEGRATOR (CVEID: CVE-2022-40151, 40152, 40153, 40154, 40155, 40156 CVSS 6.5) |
| IT43309 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT42806 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
Regular Fixes
| APAR | Description |
| IT42844 | SEARCHING AS2 PARTNER PROFILE DOES NOT DISPLAY THE PARTNER WHILE TYPING IT IF THE PROFILE WAS CREATED VIA REST API |
| IT41206 | SFTP SERVER ADAPTER 2.0 ENHANCEMENT |
| IT43147 | WORKDAY WSDL IMPORT FAILS IN SI DUE TO SIZE |
| IT39574 | FILE GATEWAY IS GARBLED WHEN BROWSER PREFERRED LANGUAGE IS CHINESE |
| IT39445 | INTERRUPTED FILE TRANSFER BEHAVES DIFFERENTLY FOR GLOBAL MAILBOX |
| IT42530 | NATIVEPGP ENCRYPTION FAILS FOR LARGER FILES WHEN COMPRESSION IS TURNED OFF |
| IT43152 | SWAGGER-UI ERROR 500: JAVAX.SERVLET.SERVLETEXCEPTION: FILTER [SPRINGSECURITYFILTERCHAIN]: COULD NOT BE INITIALIZED |
| IT43071 | CUSTOM PROTOCOLS ARE ONLY SEEN AS ENABLED FROM FILEGATEWAY UI WHEN A STANDARD PROTOCOL IS ENABLED |
| IT42689 | RESOURCE TAG CONSISTS OF DELETED FILEGATEWAY PARTNERS WHEN EXPORTING |
| IT42453 | SFGDBCHECK TOOL CREATES A MISSING MAILBOX WITH PRODUCERCODE INSTEAD OF PRODUCERNAME |
| IT43188 | THE READ USER ACCOUNT REST API IS RETURNING THE WRONG AUTHENTICATION HOST OF EXTERNAL USERS |
| IT43300 | FEW FILES ARE NOT PROCESSED AND BLOCKED ON CLA2 STEP. ENCRYPTION THREADS ARE RUNNING AND BLOCKING THE QUEUE WHEN TOO MUCH THREADS ARE IN THE QUEUE |
| IT42859 | UNABLE TO CREATE SSH PROFILE IN V6.1.0.6 DUE TO ERROR - THE NAME IS DUPLICATE |
| IT43322 | GLOBAL MAILBOX EVENT RULE ADAPTER DOES NOT SEND A USER ID PASSWORD TO IBM MQ GREATER THAN 12 CHARACTERS |
| IT42726 | PGP PACKAGE SERVICE SIGNS DOCUMENT ALSO IF "SIGNED BY THE PARTNER" SET TO NO |
| IT42929 | SFGDBCHECK TOOL IS REPORTING COMMUNITIES IN THE INCONSISTENT PARTNERS LIST |
| IT43103 | MAILBOX MESSAGES IN MYFG2.0 UI DO NOT HONOR EXTRACTABILITY POLICIES |
| IT42619 | TP_IMPORT/EXPORT.SH ALWAYS SHOWS "ERROR '1' DURING EXPORT FOR CD_NETMAPS |
| IT42237 | LIBERTY LOGGING - STRANGE FOLDER NAME ${LOG-PATH} WITH ANALYTICS-%D{YYYY-MM-DD}.LOG |
| IT43181 | UPDATION OF CODELIST ENTRIES UPON SORTING BY RECEIVERCODE/SENDERCODE REPORTS UI ERROR |
| IT42676 | UNABLE TO IMPORT A PARTNER CONTAINING & IN THE PARTNER NAME |
| IT42746 | SFTP CLIENT BEGIN SESSION STATUS REPORT VERY GENERIC |
| IT42490 | NATIVE PGP UNPACKAGE SERVICE HAS INCORRECT "ACTION" IN PROCESS DATA FOR DECRYPT AND VERIFY |
| IT42461 | SFTP CLIENT MOVE SERVICE FAILS WITH NO SUCH FILE |
| IT43468 | EBICS SERVER AND EBICS CLIENT VERSIONS ARE NOT UPDATED ON THE SUPPORT PAGE IN OCP |
| IT43250 | REST API UPDATE TRADING PARTNER API000411 ERROR FOR GLOBAL MAILBOX LISTENING PRODUCER |
| IT41142 | WHEN CREATING ROUTING CHANNELS (VIA RESTAPI) FOR A PRODUCER PARTNER WITH SUBMAILBOXES, THE EVENT RULE IS GETTING CREATED FOR THE FIRST SUBMAILBOX ONLY AND NOT FOR THE SUBSEQUENT SUBMAILBOXES, AND THE EVENT RULE LIST ONLY ONE MAILBOX |
| IT42019 | GLOBAL MAILBOX EVENTS WHICH ARE OLD ARE NOT BEING CLEARED FROM CASSANDRA TABLES |
| Link | Date Released | Status |
|---|---|---|
| Download |
October 06, 2023 |
Current |
Security Fixes
| APAR | Description |
| IT43138 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT43549 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT43090 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT43508 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT43522 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT44091 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT44092 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT44078 | ECLIPSE JETTY (PUBLICLY DISCLOSED VULNERABILITY) (CVSS 5.3) |
| IT44300 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT43649 | SECURITY VULNERABILITIES IN JETTISON AFFECT EBICs CLIENT OF IBM STERLING B2B INTEGRATOR (CVE-2023-1436, CVSS 5.3) |
| IT43908 | [ALL] APACHE COMMONS FILEUPLOAD (PUBLICLY DISCLOSED VULNERABILITY) (CVE-2023-24998 CVS 7.5) |
| IT44182 | UPDATE SNAPPY-JAVA IN B2B API (CVSS 7.5) |
| IT44198 | [ALL] IBM WEBSPHERE MQ - CVE-2023-32342 (PUBLICLY DISCLOSED VULNERABILITY) (CVSS 5.9) |
| IT44322 | SECURITY VULNERABILITY IN COMMONS-BCEL AFFECT IBM STERLING B2B INTEGRATOR (CVE-2022-42920 CVSS 9.8) |
Regular Fixes
| APAR | Description |
| IT43645 | GM IMPORT UTILITY FAILS WITH JAVA.LANG.NOCLASSDEFFOUNDERROR: ORG.APACHE.COMMONS.COLLECTIONS.ARRAYSTACK |
| IT43762 | EXTERNAL PURGE INSTALLED ON OPENSHIFT PLATFORM CLEARS ALL THE LOCKS WHEN IT STARTS |
| IT43734 | RESTAPI - WHEN USING THE RESTAPI UI HTTP://IP:BASEPORT+74/B2BAPIS/SVC TO CREATE MAILBOXES THE FOLLOWING ERROR MESSAGE IS RAISED IN LOGFILE (SYSTEM.LOG) |
| IT43643 | STERLING INTEGRATOR IB 997 PROCESS DATA SHOWS SUCCESSFUL BUT THE 997 RECONCILIATION REPORT HAS AN ERROR |
| IT41328 | QUERY ON FG_ROUTE TABLE DOES NOT USE BIND VARIABLES |
| IT43785 | NOT ABLE TO SEND EMAIL FROM STERLING INTEGRATOR / SBI / B2BI TO MS EXCHANGE ONLINE USING SMTP SEND ADAPTER |
| IT43301 | DIRECT TRANSFERS ARE SLOW WHEN USING GLOBAL MAILBOX |
| IT42183 | SMIME/CMS SIGNATURE FAILURE FOR CUSTOMER "M GROUP" WITH "CANNOT FIND CLASS NAME FOR OID" |
Mod Pack (V6.1.1.0)
| Date Released | Status |
|---|---|
|
September 17, 2021 |
Available |
Important: You can download the fix from Passport Advantage.
Note: This Mod Pack also contains APAR security and regular fixes from 6.0.0.7 and 6.1.0.3 releases.
Security Fixes
| APAR | Description |
| IT35823 | INFORMATION DISCLOSURE VULNERABILITIES AFFECT IBM STERLING B2B FILE GATEWAY USER INTERFACE (CVE-2021-20485, CVE-2021-20563) |
| IT36688 | SECURITY VULNERABILITY: CSRF TOKEN APPEARS IN THE URLS FOR FILEGATEWAY USER INTERFACE (AFT) |
| IT37682 | UPDATE APACHE TOMCAT JARS (CVSS 9.8) |
| IT36354 | SECURITY VULNERABILITY: REFLECTED CROSS-SITE SCRIPTING VULNERABILITY IN IBM STERLING B2B INTEGRATOR DISCOVERED BY THIRD PARTY |
| IT37597 | CROSS-SITE SCRIPTING VULNERABILITY AFFECTS THE MAILBOX USER INTERFACE OF IBM STERLING B2B INTEGRATOR (CVE-2021-29855) |
| IT33759 | IBM STERLING B2B INTEGRATOR VULNERABLE TO CROSS-SITE AJAX REQUEST VULNERABILITY DUE TO PROTOTYPE JAVASCRIPT (CVE-2008-7220) |
| IT36390 | SECURITY VULNERABILITY: MYFILEGATEWAY USER CAN UPLOAD THE FILE EVEN THOUGH THE UPLOAD TAB IS DISABLED |
| IT36280 | SECURITY VULNERABILITY: MYFILEGATEWAY UI DISPLAYS SENSITIVE INFORMATION AFTER LOGOUT |
| IT36300 | SECURITY VULNERABILITY - MYFILEGATEWAY FILE-NAME COULD BE INTERCEPTED TO INJECT DISALLOWED CHARACTERS IN FILENAME |
| IT37862 | B2BIAPIS --> SECOND_ORDER_SQL_INJECTION [1] |
| IT36900 | SECURITY VULNERABILITY: PERMISSION CONTROL SECURITY VULNERABILITY EXISTS IN CREATING USER NEWS IN THE DASHBOARD USER INTERFACE |
| IT36914 | SECURITY VULNERABILITY: PERMISSION CONTROL SECURITY VULNERABILITIES EXISTS WHILE DOWNLOADING WAR FILE FROM WEB EXTENSION UTILITY |
| IT36930 | SECURITY VULNERABILITY: ACCESS CONTROL SECURITY VULNERABILITY EXISTS WHILE VIEWING THE ROSETTA NET ACTIVITIES |
| IT36609 | SECURITY VULNERABILITY: PERSISTENT XSS SECURITY VULNERABILITY EXISTS IN THE WEB SERVICE MANAGEMENT USER INTERFACE |
| IT36447 | SECURITY VULNERABILITY: 3RD PARTY STORED CROSS SITE SCRIPTING IN IBM STERLING B2B INTEGRATOR |
| IT37031 | SECURITY VULNERABILITY: STORED XSS SECURITY VULNERABILITY EXISTS IN DASHBOARD USER INTERFACE CAUSED BY NOT CHECKING SERVER NAME IN CREATING A PERIMETER SERVER |
| IT37777 | UNABLE TO DISABLE SPECIFIC TLS VERSION (TLS 1.0) ON HTTP SERVER ADAPTER USING SSLHELLOPROTOCOL |
| IT37848 | UPGRADE LOG4J (CVSS 7.8) |
| IT37914 | UPGRADE NETTY JAR (CVSS 9.1) |
| IT37678 | UPGRADE DATA MAPPER FOR JACKSON (CVSS 7.5) |
| IT37859 | UPGRADE XSTREAM TO 1.4.17 (CVSS 8.8) |
| IT37693 | UPDATE APACHE COMMONS BEANUTILS (CVSS 7.5) |
| IT37613 | B2BI_DOCKER CLUMP --> SECOND_ORDER_SQL_INJECTION [2] |
| IT37612 | CROSS-SITE REQUEST FORGERY [3] |
| IT35458 | SECURITY VULNERABILITY: [ALL] ECLIPSE JETTY (PUBLICLY DISCLOSED VULNERABILITY) |
| IT37681 | UPGRADE XML BEAN (CVSS 9.1) |
| IT37858 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT37642 | CROSS-SITE SCRIPTING VULNERABLITY AFFECTS THE DASHBOAD UI OF IBM STERLING B2B INTEGRATOR (CVE-2021-29836) |
| IT38514 | UPDATE APACHE TAGLIBS (CVSS 7.5) |
| IT37677 | UPGRADE JACKSON DATAFORMATS JAR (CVSS 7.5) |
| IT37615 | UPDATE APACHE XCERCES2 J (CVSS 7.5) |
| IT38149 | UPDATE JBOSS DROOLS (CVSS 7.5) |
| IT37913 | UPDATE BOUNCY CASTLE JAR IN GATEWAY.WAR (CVSS 9.8) |
| IT36552 | UPDATE JASPERREPORTS (CVSS 8.8) |
| IT36570 | SECURITY VULNERABILITY: INFORMATION DISCLOSURE SECURITY VULNERABILITY IN THE DASHBOARD USER INTERFACE |
| IT35845 | CROSS SITE SCRIPTING VULNERABILITY 6.1 (PERSISTENT XSS) |
| IT37912 | IBM WEBSPHERE MQ (PUBLICLY DISCLOSED VULNERABILITY) |
| IT35837 | SECURITY VULNERABILITY: SESSION FIXATION SECURITY VULNERABILITY IN FILEGATEWAY |
| IT35660 | SECURITY VULNERABILITY: USER ENUMERATION VULNERABILITY IN MYFILEGATEWAY USER INTERFACE |
| IT35654 | ACCESS SECURITY CONTROL VULNERABILITY AFFECTS IBM STERLING FILE GATEWAY (CVE-2021-20375) |
| IT35605 | ACCESS CONTROL VULNERABILITY AFFECTS IBM STERLNG FILE GATEWAY (CVE-2021-20372) |
| IT35181 | THE FILEGATEWAY AND MYFILEGATEWAY USER INTERFACES LACK SUFFICIENT PERMISSION CONTROL |
| IT38515 | APACHE KAFKA VULNERABILITIES AFFECT THE B2B API OF IBM STERLING B2B INTEGRATOR (CVE-2017-12610, CVE-2018-1288) |
| IT38512 | UPDATE JACKSON-DATABIND JAR (CVSS 9.8) |
Regular Fixes
| APAR | Description |
| IT35859 | ROSETTANET ISSUE AFTER REACHING INT LIMIT FOR WFID |
| IT36453 | ERROR DECRYPTING DB PASSWORD AFTER UPGRADING TO B2BI 6.1.0.1 WITH FIPS |
| IT37796 | IGNORELATEINBOUND LOG SHOWS INCORRECT DELIVERY TIME AND AS A RESULT REQUEST IS HANDLED AS TIMEOUT |
| IT37462 | THE NEW QUERY.CALCDOCUMENTLIFESPANSQL1.MSSQL QUERY IS TRYING TO INSERT DUPLICATE WORKFLOW_ID IN THE BPMV_LS_WRK TABLE |
| IT37692 | EBICS SERVER GENERATES DUPLICATE ORDER IDS |
| IT38106 | SILENTINSTALLATIONFILECONVERTER UTILITY IS CREATING DUPLICATE PARAMETERS WITH OPPOSITE VALUES |
| IT38091 | USERACCOUNTS LIST API ALONG WITH QUERY PARAMETERS IS THROWING AN ERROR |
| IT37875 | STERLING B2BI-RESTAPI-GETPAYLOADDATA FAILS IN V6.1.0.2 |
| IT37921 | EBICS CLIENT SERVICES DOES NOT REPORT PROPERLY FAILURE STATUS |
| IT38047 | EBICS PARTNERS WITH ENTRIES IN STERLING FILE GATEWAY - PARTNERS ARE LEFT WHEN ENTRIES IN PROFILE MANAGER - PARTNER CONFIGURATION ARE DELETED |
| Link | Date Released | Status |
|---|---|---|
| Download |
January 13, 2022 |
Superseded |
Security Fixes
| APAR | Description |
| IT39380 | UPGRADE LOG4J TO 2.17.0 |
| Link | Date Released | Status |
|---|---|---|
| Download |
March 11, 2022 |
Available |
Security Fixes
| APAR | Description |
| IT39737 | UPGRADE LOG4J TO 2.17.1 |
Regular Fixes
| APAR | Description |
| IT38166 | AFTER APPLYING 6.0.3.4 IFIX APAR IT37392, SFTP CLIENT GET FAILS WITH ERROR MESSAGE = [NO SUCH FILE: THE MESSAGE [XXX/ABC] IS NOT EXTRACTABLE! |
| IT40130 | AFTER UPGRADING FROM B2BI 6.1.0.0 TO 6.1.1.0, MANY OF THE HTTPS SERVER ADAPTERS FAIL TO START AFTER THE NODE STARTS UP |
| Link | Date Released | Status |
|---|---|---|
| Download |
February 19, 2022 |
Available |
Note: This Fix Pack also contains APAR security and regular fixes from 6.1.0.4 release.
Security Fixes
| APAR | Description |
| IT37287 | INFORMATION DISCLOSURE SECURITY VULNERABILITY EXISTS IN IBM STERLING B2B INTEGRATOR WEB USER INTERFACE (JETTY 404) (CVE-2021-39033 4.3) |
| IT38888 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT38877 | SECURITY VULNERABILITIES IN XSTREAM AFFECT THE B2B API OF IBM STERLING B2B INTEGRATOR |
| IT38878 | SECURITY VULNERABILITIES IN APACHE SANTURARIO AFFECT IBM STERLING B2B INTEGRATOR (CVE-2013-4517, CVE-2013-2172 CVSS 5.0) |
| IT38879 | IBM STERLING B2B INTEGRATOR IS VULNERABLE TO INFORMATION DISCLOSURE DUE TO JUNIT4 (CVE-2020-15250) |
| IT38884 | INVESTIGATE THE SECURITY VULNERABILITY OF APACHE COMPRESS (CVSS 7.5) |
| IT39126 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT39125 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT39090 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT38412 | PERMISSION CONTROL SECURITY VULNERABILITY EXITS IN THE MAILBOX USER INTERFACE OF IBM STERLING B2B INTEGRATOR |
| IT33759 | IBM STERLING B2B INTEGRATOR VULNERABLE TO CROSS-SITE AJAX REQUEST VULNERABILITY DUE TO PROTOTYPE JAVASCRIPT (CVE-2008-7220) |
| IT38705 | INFORMATION DISCLOSURE SECURITY VULNERABILITY EXISTS IN THE REST B2B API IN IBM STERLING B2B INTEGRATOR |
| IT39737 | UPGRADE LOG4J TO 2.17.1 |
Regular Fixes
| APAR | Description |
| IT39094 | ERROR WHILE CREATING EBICS BTF SERVICE |
| IT39226 | S3 CLIENT ADAPTER STOPS AFTER UPGRADE TO SI 6.1.1 |
| IT39228 | EBICS: DUPLICATE ORDER FAILURES NOT LOGGED IN FILEGATEWAY |
| IT39229 | ERRORCODE = "CONNECTION LEAK" IN JETTY.LOG AND SCI.LOG |
| IT39281 | ENHANCE CDSA TO PASS SACCOUNT AND PACCOUNT INFORMATION TO A B2BI BUSINESSES PROCESS |
| IT39445 | INTERRUPTED FILE TRANSFER BEHAVES DIFFERENTLY FOR GLOBAL MAILBOX |
| IT39494 | UNABLE TO VIEW A SWIFTNETROUTING RULE IN B2BI 6.1.1 |
| IT39649 | UNABLE TO CREATE A ROUTE ON A SUB-MAILBOX IN GLOBAL MAILBOX IF A ROUTE ALREADY EXISTS ON ANOTHER SUB-MAILBOX UNDER THE SAME PARENT MAILBOX |
| IT35379 | AWSS3CLIENT / PUT SERVICE GENERATES FILES INTO THE SI INSTALL/TMP DIRECTORY WHICH ARE NOT DELETED |
| IT39528 | WINDOWS XCOPY COMMANDS CAUSING UPGRADEJDK.CMD SCRIPT TO FAIL |
| IT39855 | FILE UPLOAD TO S3 BUCKET USING MAILBOX OPTION DOESN’T WORK |
| IT39681 | B2BI TAGLIBS (JSLT) UPGRADE FROM 1.1.2 TO 1.2.5 IN EBICS CLIENT AND SERVER REST APIS |
| IT39163 | DUPLICATE HAC REQUEST SENT BY THE EBICS HAC SCHEDULER |
| IT39774 | SFTP CLIENT 2.0 PWD SERVICE DIDN'T RETURN THE SAME RESULT COMPARED TO SFTP CLIENT 1.0 PWD SERVICE |
| IT34982 | REMOTE HOST IS INVALID. PLEASE ENTER A VALID DOMAIN NAME OR IPV4 OR IPV6 ADDRESS |
| Link | Date Released | Status |
|---|---|---|
| Download |
August 11, 2022 |
Available |
Security Fixes
| APAR | Description |
| IT38890 | SECURITY VULNERABILITIES IN ECLIPSE JETTY AFFECT IBM STERLING B2B INTEGRATOR (CVE-2021-34428, CVE-2021-28169, CVE-2021 CVSS 5.3) |
| IT40312 | XSS SECURITY VULNERABILITIES EXISTS IN DASHBOARD UI OF IBM STERLING B2B INTEGRATOR (DBS) |
| IT39442 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT39357 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT39422 | IBM STERLING B2B INTEGRATOR DASHBOARD UI IS VULNERABLE TO SENSITIVE INFORMATION EXPOSURE (CVE-2021-39087) |
| IT39433 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT39434 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT39424 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT39440 | SQL INJECTION SECURITY VULNERABILITY EXISTS IN THE DASHBOARD UI OF IBM STERLING B2B INTEGRATOR (CVE-2021-39085, CVSS 6.3) |
| IT39438 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT39547 | SECURITY VULNERABILITY IN HTTPCLIENT AFFECTS IBM STERLING B2B INTEGRATOR (CVE-2020-13956 CVSS 5.3) |
| IT41026 | HTTP SESSION DOES NOT EXPIRE AFTER PASSWORD CHANGE |
| IT40552 | IBM STERLING B2B INTEGRATOR VULNERABLE TO DENIAL OF SERVICE DUE TO XSTREAM (CVE-2021-43859) |
| IT39958 | XSS SECURITY VULNERABILITIES EXISTS IN DASHBOARD UI OF IBM STERLING B2B INTEGRATOR (DBS) |
| IT38888 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT41002 | SECURITY VULNERABILITIES IN CKEDITOR EXISTS IN B2B API OF IBM STERLING B2B INTEGRATOR (CVSS 7.6) |
| IT41085 | WILDCARD IS SPECIFIED FOR HTTP CORS HEADER IN THE B2BI API FOR IBM STERLING B2B INTEGRATOR |
| IT41370 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT41292 | JACKSON-DATABIND BEFORE 2.13.0 ALLOWS A JAVA STACKOVERFLOW EXCEPTION AND DENIAL OF SERVICE (CVE-2020-36518 CVSS 7.5) |
| IT41369 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT41250 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT41291 | UPDATE SPRING FRAMEWORK (CVSS 5.4) |
| IT39105 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT40617 | SECURITY VULNERABILITY IN JDOM AFFECTS IBM STERLING B2B INTEGRATOR (CVE-2021-33813 CVSS 5.3) |
| IT39360 | INFORMATION DISCLOSURE SECURITY VULNERABILITY EXISTS IN THE USER INTERFACE OF IBM STERLING FILE GATEWAY (DBS VERBOSE ERROR MESSAGE) (CVE-2021-39086 CVSS 4.3) |
| IT41490 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT40669 | IBM STERLING FILE GATEWAY IS VULNERABLE TO MULTIPLE ISSUES DUE TO BOUNCY CASTLE |
| IT41648 | SECURITY VULNERABILITY EXISTS IN SFTP SERVER ADAPTER 2.0 IN IBM STERLING B2B INTEGRATOR |
| IT39104 | DBS HAS REPORTED STORED CROSS SITE SCRIPTING VULNERABILITY ON 6.0.3.3 |
| IT39235 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
Regular Fixes
| APAR | Description |
| IT40068 | SSHKEYGRABBER - ORG.APACHE.SSHD.COMMON.RUNTIMESSHEXCEPTION: FAILED TO GET THE SESSION |
| IT40444 | SWIFTNET7: REQUEST FAILING DURING START OF ADAPTER |
| IT38279 | CUSTOM IFIX REQUEST FOR APAR IT38279 AND IT36968 |
| IT41153 | SFG PARTNER CREATION ROUTINE HAS LONG DELAYS FOR SOME SCREENS TO POPULATE |
| IT40821 | SWIFTNET7: HANDLING OF MESSAGEEXPIRED |
| IT40778 | SFTP SERVER ADAPTER IN READ-ONLY VIEW SHOWS "CIPHER NOT FOUND IN SERVER CIPHER LIST" NEXT TO PREFERREDCIPHER |
| IT39881 | EBICS A/B SIGNATURES NOT WORKING |
| IT39445 | INTERRUPTED FILE TRANSFER BEHAVES DIFFERENTLY FOR GLOBAL MAILBOX |
| IT40236 | CHANGING DASHBOARD_TOPBAR_SUB_INTEGRATOR.GIF WITH API CUSTOMIZATION UI IS NOT PERMANENT / DEPLOYER RESETS |
| IT40988 | CDSA - STERLING CONNECT:DIRECT SERVER PRIMITIVE COPYTO SERVICE STATUS REPORT MISSING INFORMATION |
| IT40057 | DATE PICKER IN DOWNLOAD TAB OF MYFILEGATEWAY UI IS DISABLED |
| IT41090 | OLD VERSION OF CDJAI.JAR COMPILED WITH OLD JAVA VERSION |
| IT41372 | SQL INJECTION EXISTS IN EBICSCLIENT UI |
| IT41089 | UNABLE TO UPLOAD ZERO BYTE FILE VIA MYFILEGATEWAY IN B2BI 6010101 |
| IT39867 | ERROR WHEN SEARCHING OR LISTING FILE FORMATS IN THE EBICS CLIENT UI SET FOR FRENCH LANGUAGE |
| IT40972 | STERLING INTEGRATOR NATIVE PGP DISABLE COMPRESS |
| IT40141 | NATIVE PGP DECRYPTION OF FILE WITH .ASC FILE EXTENSION ADDS PERIOD TO END OF DECRYPTED FILE NAME |
| IT40263 | ACCENTED CHARACTERS DISPLAY INCORRECTLY IN THE EBICS CLIENT UI SET FOR FRENCH LANGUAGE |
| IT40130 | AFTER UPGRADING FROM B2BI 6.1.0.0 TO 6.1.1.0, MANY OF THE HTTPS SERVER ADAPTERS FAIL TO START AFTER THE NODE STARTS UP |
| IT41271 | EBICS COF FOR CDB - H003 WITH FILEFORMAT PAIN.008.00X.02.SBB.CDB FAILING |
| IT39970 | EBICS SERVER COF CONFIGURATION ERROR DURING CREATION |
| IT40056 | EBICS - VEU/EDS ORDER FAILED FOR HVE ON 6.1.1.0 EBICS SERVER / CLIENT USING H003 |
| IT39964 | SOA OUTBOUND SERVICE - CANNOT FIND DOM MECHANISM TYPE |
| IT41150 | RESTAPICLIENT: STRINGINDEXOUTOFBOUNDSEXCEPTION IN BP |
| IT40633 | UNIQUE CONSTRAINT (PKOS09.SCI_PK_215) VIOLATED ON REST API POST |
| IT40252 | GETARRIVEDFILEDETAILS API DOES NOT RETURN RESPONSE IN SWAGGER UI |
| IT40348 | PGP DECRYPT FAILING AFTER MIGRATING FROM SYMANTEC TO NATIVE PGP |
| IT40346 | BULK IMPORT OF PGP KEYS INTO NATIVE PGP THROWS ERROR AFTER IMPORTING AROUND 100 PGP KEYS |
| IT41411 | EDIT SERVICE ADAPTOR CONFIG FAILS WITH "PROCESSING ERROR" |
| IT36929 | SFTP CLIENT LIST SERVICE FAILS TO LIST FILES BY CASE-INSENSITIVE SEARCH |
| IT41631 | ENHANCE B2B MAIL CLIENT ADAPTER FOR ACCESSING MICROSOFT EXCHANGE WITH OAUTH 2.0 |
| Link | Date Released | Status |
|---|---|---|
| Download |
December 24, 2022 |
Available |
Note: This Fix Pack also contains APAR security and regular fixes from 6.1.0.6 release.
Security Fixes
| APAR | Description |
| IT41109 | THE SECURITY VULNERABILITIES IN APACHE SANTUARIO XML SECURITY AFFECT IBM STERLING B2B INTEGRATOR (CVE-2021-40690, CVE-2014-8152 CVSS 5.3) |
| IT42431 |
IBM WEBSPHERE APPLICATION SERVER LIBERTY IS VULNERABLE TO HTTP HEADER INJECTION (CVE- 2022-34165 CVSS 5.4)
|
| IT42505 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT41715 | SPECIAL CHARACTERS CAN BE ENTERED TO A LOG FILE WITH UNSUCCESSFUL LOGIN TO DASHBOARD UI OF IBM STERLING B2B INTEGRATOR |
| IT41689 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT42295 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT42440 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT41362 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
Regular Fixes
| APAR | Description |
| IT42211 | UNABLE TO EXPORT OFTP PARTNERS IN SI 6.1.1 |
| IT42353 | SFTP CLIENT ADAPTER SESSIONS ARE NOT DISTRIBUTED ACROSS CLUSTER NODES |
| IT41102 | CD REQUESTER SUBMIT SERVICE IS FAILING |
| IT41838 | EXCEPTION WHEN GNUPG 8BIT KEY IS MIGRATED VIA PGPPARTNERKEYSMIGRATION.SH |
| IT41833 | ERROR WHILE SYSTEM CERT CHECKIN IN TXT FORMAT - OBJECTIDENTIFIER() -- DATA ISN'T AN OBJECT ID (TAG = 48) |
| IT41739 | PARTNER USER NOT ADDED TO MAILBOX PERMISSIONS WHEN CREATING ROUTING CHANNEL USING B2B API |
| IT40821 | HANDLING OF MESSAGEEXPIRED |
| IT42419 | MONTHLY SCHEDULE NOT WORKING PROPERLY ON V6.1.1.1 |
| IT36929 | SFTP CLIENT LIST SERVICE FAILS TO LIST FILES BY CASE-INSENSITIVE SEARCH |
| IT40918 | 6.1.1 HAVING ISSUES WITH SCP (LINUX) TO SSH 2.0 SERVER ADAPTER |
| IT42144 | EBICS CLIENT UI NOT SHOWING X509 CERTIFICATE NAMES WHILE CREATING NEW EBICS USER |
| IT41974 | COF CREATION IS CAUSING ISSUE IF CONFIGURED ON EBICS CLIENT AND SERVER IN THE SAME ENVIRONMENT |
| IT41790 | IBM STERLING & ADP SSH SPECIAL CHARACTER ENHANCEMENT REQUEST |
| IT42186 | REST API FOR FETCHING SCHEDULE DETAILS, IT'S GIVING WRONG INFORMATION WHEN IT COMES TO SCHEDULE TYPE “SERVICE CONFIGURATION” |
| IT41912 | ON RESTART HTTP SERVER ADAPTERS CREATES NEW BLOB ENTRIES IN HSM AND DELETES THE OLDER ONE |
| IT42286 | EXTERNAL PURGE LOG ERROR DB2 SQL ERROR: SQLCODE=-805, SQLSTATE=51002 (PROD) |
| IT42241 | INCORRECT ITEMS SELECTED ON PGP MANAGER WHILE USING CHROME OR EDGE BROWSER |
| IT42508 | DEFAULTSFTP IN SFTP.PROPERTIES HAS BEEN SET TO 1.0. IT SHOULD BE 2.0 |
| IT42547 | UPGRADE FROM V6.1.1.0 TO V6.1.1.1 FAILS WITH ERROR COM.IBM.STERLING.AFC.INSTALL.LAUNCH.BACKENDLAUNCHER.RUN(BACKENDLAUNCHER.JAVA:354) |
| IT41814 | CANNOT UPDATE B2B MAIL CLIENT ADAPTER INSTANCE VIA REST API IF SSL IS ENABLED AND MULTIPLE CA CERTIFICATES ARE ASSIGNED |
| IT42496 | CREATE A NEW PARTNER ON FILEGATEWAY 6.1.1.1 --> UI WINDOW REMAINS WHITE WITH SPANISH LANGUAGE SETTINGS |
| IT42622 | CONNECT:DIRECT SERVER ADAPTER NOT HONOR DOCUMENT STORAGE TYPE OF SYSTEM DEFAULT WITH DEFAULTSTORAGETYPE=FS |
| IT40662 | FOR SFG ARRIVEDFILE EVENTS THE DATA FLOW HYPERLINK IS NOT AVAILABLE IN FILEGATEWAY WHEN CLICKING ON THE DATA FLOW LINK IN THE ARRIVED FILE SEARCH SCREEN |
| IT42019 | GLOBAL MAILBOX EVENTS WHICH ARE OLD ARE NOT BEING CLEARED FROM CASSANDRA TABLES |
| IT42549 | DOCUMENT NOT FOUND DURING ROUTING AFTER UPGRADING TO 6112 + CUSTOM FIX |
| IT41706 | GLOBAL MAILBOX - FILES UPLOADED TO ONE DC ARE NOT REPLICATED TO THE OTHER DC |
| IT41065 | GLOBAL MAILBOX EVENT RULE ADAPTER DOES NOT RESPECT BATCH MODE AND INVOKES AS IMMEDIATE MODE LEADING TO SAME FILES TO BE PROCESSED TWICE |
| Link | Date Released | Status |
|---|---|---|
| Download |
June 08, 2023 |
Current |
Note: This Fix Pack also contains APAR security and regular fixes from 6107 release.
Security Fixes
| APAR | Description |
| IT42896 | SECURITY VULNERABILITIES IN SPRING SECURITY AFFECTS IBM STERLING B2B INTEGRATOR (CVE-2022-31692, CVE-2022-22978 CVSS 8.2) |
| IT43557 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT43555 | VULNERABILITY IN THE APACHE JAMES MIME4J LIBRARY USED BY IBM WEBSPHERE APPLICATION SERVER LIBERTY WHEN THE FEATURE RESTFULWS-3.0 IS ENABLED (CVE-2022-45787 CVSS 5.5) |
| IT43625 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT43624 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT43473 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT43508 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT43110 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT43073 | [ALL] IBM WEBSPHERE MQ - CVE-2022-42436 (PUBLICLY DISCLOSED VULNERABILITY) (CVSS 4.0) |
| IT43308 | SECURITY VULNERABILITIES IN XSTREAM AFFECT IBM STERLING B2B INTEGRATOR (CVEID: CVE-2022-40151, 40152, 40153, 40154, 40155, 40156 CVSS 6.5) |
| IT42890 | SECURITY VULNERABILITIES IN JQUERY.JS AFFECTS EBICS CLIENT UI OF IBM STERLING B2B INTEGRATOR (CVS 7.2) |
| IT41109 | THE SECURITY VULNERABILITIES IN APACHE SANTUARIO XML SECURITY AFFECT IBM STERLING B2B INTEGRATOR (CVE-2021-40690, CVE-2014-8152 CVSS 5.3) |
| IT43312 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT43678 | SECURITY VULNERABILITIES IN SNAKEYAML AFFECT B2B API OF IBM STERLING B2B INTEGRATOR (CVE-2017-18640, CVE-2022-25857, CVE-2022-38749, CVE-2022-38750, CVE-2022-38751, CVE-2022-38752, CVE-2022-41854, CVE-2022-1471 CVSS CVSS 8.3) |
| IT43720 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT43649 | SECURITY VULNERABILITIES IN JETTISON AFFECT EBLICS CLIENT OF IBM STERLING B2B INTEGRATOR (CVE-2023-1436, CVSS 5.3) |
| IT43310 |
[ALL] JACKSON-DATABIND - CVE-2022-42004 (PUBLICLY DISCLOSED VULNERABILITY) (CVE-2022-42004 CVSS 6.2)
|
| IT43051 | CSRF SECURITY VULNERABILITY EXISTS IN ROSETTANET SEARCH IN DASHBOARD UI OF IBM STERLING B2B INTEGRATOR (CVE-2022-35638) |
| IT43090 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
Regular Fixes
| APAR | Description |
| IT43547 | INSTALLATION LEAVES JAR FILE IN <INSTALL-DIR> - WASTE OF SPACE OR NEEDED |
| IT42719 | EBICS SERVER - FDL FROM CLIENT INTERMITTENTLY FAILING |
| IT43244 | /B2BAPIS/SVC/USERACCOUNTS DOES NOT ALLOW UPPERCASE FOR EMAIL FIELD |
| IT43149 | PROPERTY STRONGTLS1.2ONLYCIPHERSUITE NOT HONORED |
| IT42745 | ITEMS RELATED TO THE "SOCKET.TCPKEEPALIVE" PROPERTY CONFLICT WITH EACH OTHER |
| IT43400 | WHEN SQL BATCHING IS ENABLED THE INSERTS IN DB ON THE OUTPUT SIDE ARE EXECUTED IN AN UNPREDICTABLE ORDER |
| IT43321 | DELETE ROUTINGCHANNEL API RETURNS 400 RESPONSE, ROUTING CHANNEL IS DELETED |
| IT43601 | ERROR JAVAX.XML.TRANSFORM.TRANSFORMERFACTORYCONFIGURATIONERROR: PROVIDER COM.STERLINGCOMMERCE.WOODSTOCK.XML.XSLT.TRANSFORMERFACTORYIMPL NOT FOUND |
| IT43047 | SFTP2.0 USER EXIT ISFTPSERVERUSEREXIT_ONPUTBEFOREEXECUTE USING OUTPUT PARAMETER KEY_CONTINUE_CMD_EXECUTION DOESN'T WORK AS DOCUMENTED |
| IT42747 | XMLJSONTRANSFORMER SERVICE FAILS WHEN INPUT JSON IS ARRAY OF ELEMENTS WITHOUT ROOT ELEMENT |
| IT43059 | SFTP2.0 USER EXIT ISFTPSERVERUSEREXIT_ONLSCDBEFOREEXECUTE DOESN'T WORK AS DOCUMENTED |
| IT43027 | CIPHERS DEFINED IN SECURITY.STRONG/WEAK/ALLCIPHERSUITE THROUGH CUSTOMIZATION UI ARE NOT PICKED UP BY ADAPTER PORT |
| IT43026 | CIPHERS DEFINED IN SECURITY.JDKCIPHERSUITE THROUGH CUSTOMIZATION UI ARE NOT PICKED UP BY SECURE BASE PORT |
| IT43651 | FILGATEWAY FLICKERING ISSUE IN B2BI 6.1.1.0 |
| IT42183 | EDIINTPIPELINEPARSE HITS AN ERROR MESSAGE: COM.TRUSTPOINT.ASN.ASNEXCEPTION: CANNOT FIND CLASS NAME FOR OID: OID 1.2.840.113549.1.9.52 |
| IT43301 | DIRECT TRANSFERS ARE SLOW WHEN USING GLOBAL MAILBOX |
| IT43054 | PRIVATE CERTIFICATES FOR AN EBICS USER ARE NOT DISPLAYED IN EBICS CLIENT UI |
| IT43250 | REST API UPDATE TRADING PARTNER API000411 ERROR FOR GLOBAL MAILBOX LISTENING PRODUCER |
| IT41142 | WHEN CREATING ROUTING CHANNELS (VIA RESTAPI) FOR A PRODUCER PARTNER WITH SUBMAILBOXES THE EVENT RULE IS GETTING CREATED FOR THE FIRST SUBMAILBOX ONLY AND NOT THE SUBSEQUENT SUBMAILBOXES, AND THE EVENT RULE LIST ONLY 1 MAILBOX |
| IT43747 | EBICS SERVER - COF CANNOT BE CONFIGURED FOR CERTAIN FILE FORMATS |
| IT42502 | EBICS SERVER INI AND HIA IS FAILING |
| IT43878 | HTD ORDER IS FAILING FOR H003 |
| IT43874 | FUL ORDER SUBMISSION IS FAILING |
| Link | Date Released | Status |
|---|---|---|
| Download |
July 21, 2022 |
Available |
Important: Download the Mod Pack from Passport Advantage.
Note: This Mod Pack also contains APAR security and regular fixes from releases:
Security Fixes
| APAR | Description |
| IT39380 | UPGRADE LOG4J TO 2.17.1 |
| IT38884 | INVESTIGATE THE SECURITY VULNERABILITY OF APACHE COMPRESS (CVSS 7.5) |
| IT38888 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT38879 | IBM STERLING B2B INTEGRATOR IS VULNERABLE TO INFORMATION DISCLOSURE DUE TO JUNIT4 (CVE-2020-15250) |
| IT38878 | SECURITY VULNERABILITIES IN APACHE SANTURARIO AFFECT IBM STERLING B2B INTEGRATOR (CVE-2013-4517, CVE-2013-2172 CVSS 5.0) |
| IT38877 | SECURITY VULNERABILITIES IN XSTREAM AFFECT THE B2B API OF IBM STERLING B2B INTEGRATOR |
| IT33759 | IBM STERLING B2B INTEGRATOR VULNERABLE TO CROSS-SITE AJAX REQUEST VULNERABILITY DUE TO PROTOTYPE JAVASCRIPT (CVE-2008-7220) |
| IT38705 | INFORMATION DISCLOSURE SECURITY VULNERABILITY EXISTS IN THE REST B2B API IN IBM STERLING B2B INTEGRATOR |
| IT39126 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT38890 | SECURITY VULNERABILITIES IN ECLIPSE JETTY AFFECT IBM STERLING B2B INTEGRATOR (CVE-2021-34428, CVE-2021-28169, CVE-2021 CVSS 5.3) |
| IT40669 | IBM STERLING FILE GATEWAY IS VULNERABLE TO MULTIPLE ISSUES DUE TO BOUNCY CASTLE |
| IT39125 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT39545 | SECURITY VULNERABILITY IN APACHE COMMON IO AFFECTS IBM STERLING B2B INTEGRATOR (CVE-2021-29425 CVSS 7.5) |
Regular Fixes
| APAR | Description |
| IT39936 | NULLPOINTEREXCEPTION OCCURRED IN DELETING MESSAGE WITH MAILBOX DELETE SERVICE FOR GLOBAL MAILBOX |
| IT39935 | FILES ARE NOT BEING REMOVED FROM FILE SHARE EVEN THOUGH THEY ARE DELETING ALL MAILBOX MESSAGES AFTER 14 DAYS WITH A BUSINESS PROCESS |
| IT41631 | ENHANCE B2B MAIL CLIENT ADAPTER FOR ACCESSING MICROSOFT EXCHANGE WITH OAUTH 2.0 |
| Link | Date Released | Status |
|---|---|---|
| Download |
December 23, 2022 |
Available |
Note: This Fix Pack also contains APAR security and regular fixes from 6.1.0.6 release.
Security Fixes
| APAR | Description |
| IT42094 |
SECURITY VULNERABILITIES IN JACKSON-DATABIND EXISTS IN B2B API OF IBM STERLING B2B INTEGRATOR FROM CORE-IO JAR (CVE-2019-12384 AND OTHERS CVSS 9.8)
|
| IT39422 | DBS HAS REPORTED SECURITY VULNERABILITY, INSUFFICIENT AUTHORIZATION CONTROLS ON 6.0.3.3 |
| IT39547 | SECURITY VULNERABILITY IN HTTPCLIENT AFFECTS IBM STERLING B2B INTEGRATOR (CVE-2020-13956 CVSS 5.3) |
| IT39357 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT39360 | INFORMATION DISCLOSURE SECURITY VULNERABILITY EXISTS IN THE USER INTERFACE OF IBM STERLING FILE GATEWAY (DBS VERBOSE ERROR MESSAGE) (CVE-2021-39086 CVSS 4.3) |
| IT39562 | SECURITY VULNERABILITY IN APACHE COMMON COMPRESS 1.20 AFFECTS B2B API OF IBM STERLING B2B INTEGRATOR (CVSS 5.5) |
| IT39105 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT41648 | SECURITY VULNERABILITY EXISTS IN SFTP SERVER ADAPTER 2.0 IN IBM STERLING B2B INTEGRATOR |
| IT39958 | XSS SECURITY VULNERABILITIES EXISTS IN DASHBOARD UI OF IBM STERLING B2B INTEGRATOR (DBS) |
| IT40312 | XSS SECURITY VULNERABILITIES EXISTS IN DASHBOARD UI OF IBM STERLING B2B INTEGRATOR (DBS) |
| IT39438 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT39434 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT39433 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT39424 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT39442 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT39440 | DBS HAS REPORTED SQL INJECTION VULNERABILITY ON 6.0.3.3 |
| IT42395 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT42393 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT42394 | XSS SECURITY VULNERABILITY EXISTS IN THE MAILBOX UI OF IBM STERLING B2B INTEGRATOR (CHECKMARX) |
| IT42443 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT40617 | SECURITY VULNERABILITY IN JDOM AFFECTS IBM STERLING B2B INTEGRATOR (CVE-2021-33813 CVSS 5.3) |
| IT41715 | SPECIAL CHARACTERS CAN BE ENTERED TO A LOG FILE WITH UNSUCCESSFUL LOGIN TO DASHBOARD UI OF IBM STERLING B2B INTEGRATOR |
| IT41002 |
SECURITY VULNERABILITIES IN CKEDITOR EXISTS IN B2B API OF IBM STERLING B2B INTEGRATOR (CVSS 7.6)
|
| IT39104 | DBS HAS REPORTED STORED CROSS SITE SCRIPTING VULNERABILITY ON 6.0.3.3 |
| IT39235 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT40841 | ACCESS CONTROL VULNERABILITY EXISTS IN SFTP SERVER ADAPTER IN IBM STERLING B2B INTEGRATOR |
| IT41672 | [DAS] SQL INJECTION SECURITY VULNERABILITY EXISTS IN EBICS UI OF IBM STERLING B2B INTEGRATOR (CVE-2022-22338 CVSS 6.3) |
| IT41689 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT41362 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT42828 | SECURITY VULNERABILITY IN GOOGLE GSON AFFECTS IBM STERLING B2B INTEGRATOR (CVE-2022-25647 CVSS 7.7) |
| IT39127 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT41371 | IBM STERLING B2B INTEGRATOR IS VULNERABLE TO DENIAL OF SERVICE DUE TO NETTY (CVE-2021-37136, CVE-2021-37137) |
Regular Fixes
| APAR | Description |
| IT42216 | OAUTH2_1.CLASS_NAME PROPERTY IN OAUTH2.PROPETIES GOT INCORRECT ABSOLUTE CLASS NAME |
| IT42353 | SFTP CLIENT ADAPTER SESSIONS ARE NOT DISTRIBUTED ACROSS CLUSTER NODES |
| IT41822 | REST API STILL DISPLAYS DELETED PERMISSIONS IF LISTED DIRECTLY VIA THE URL |
| IT41893 | OAUTH2 ERROR - B2BMAIL ADAPTER FAILED TO GET AN ACCESS TOKEN JAVA.IO.IOEXCEPTION: SERVER RETURNED HTTP RESPONSE CODE: 401 |
| IT42317 | ORACLEPOOL.URL NOT READ FROM FROM THE CUSTOMER_OVERRIDES.PROPERTIES |
| IT39392 | VALUE TOO LARGE FOR COLUMN ON ACT_SESSION.PRINCIPAL |
| IT39574 | FILE GATEWAY IS GARBLED WHEN BROWSER PREFERRED LANGUAGE IS CHINESE |
| IT37315 | CREATE PROPERTY API DOESN'T CREATE PROPERTY IN CUSTOM_PROPERTY TABLE |
| IT37845 | BROWSER CACHE ISSUE WHILE LOGIN TO MYFG 2.0 UI |
| IT39345 | EDIINTPARSE BP FAILS WITH FAILURE UNPACKAGING MESSAGE ERROR - CLASS: 0; SUBCLASS: 0; CODE: 0; |
| IT41706 | GLOBAL MAILBOX - FILES UPLOADED TO ONE DC ARE NOT REPLICATED TO THE OTHER DC |
| IT41065 | GLOBAL MAILBOX EVENT RULE ADAPTER DOES NOT RESPECT BATCH MODE AND INVOKES AS IMMEDIATE MODE LEADING TO SAME FILES TO BE PROCESSED TWICE |
| IT40662 | FOR SFG ARRIVEDFILE EVENTS THE DATA FLOW HYPERLINK IS NOT AVAILABLE IN FILEGATEWAY WHEN CLICKING ON THE DATA FLOW LINK IN THE ARRIVED FILE SEARCH SCREEN |
| Link | Date Released | Status |
|---|---|---|
| Download |
March 09, 2023 |
Available |
Note: This Fix Pack also contains APAR security and regular fixes from releases:
Security Fixes
| APAR | Description |
| IT42936 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT42935 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT43058 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT42505 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT41109 |
THE SECURITY VULNERABILITIES IN APACHE SANTUARIO XML SECURITY AFFECT IBM STERLING B2B INTEGRATOR (CVE-2021-40690, CVE-2014-8152 CVSS 5.3)
|
| IT42985 | INFORMATION DISCLOSURE SECURITY VULNERABILITY EXISTS IN RESOURCE IMPORTER OF IBM STERLING B2B INTEGRATOR (CVE-2023-25682 CVSS 6.2) |
| IT43099 |
SECURITY VULNERABILITY IN DOJO TOOLKIT AFFECTS EBICS CLIENT UI OF IBM STERLING B2B INTEGRATOR (CVE-2020-23450 CVSS 9.8)
|
| IT43055 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT39312 | SECURITY VULNERABILITY IN APACHE XML SECURITY AFFECTS IBM STERLING B2B INTEGRATOR (CVE-2021-40690 CVSS 5.3) |
| IT43051 | CSRF SECURITY VULNERABILITY EXISTS IN ROSETTANET SEARCH IN DASHBOARD UI OF IBM STERLING B2B INTEGRATOR (CVE-2022-35638) |
| IT43057 | SECURITY VULNERABILITY IN XSTREAM AFFECTS IBM STERLING B2B INTEGRATOR (CVE-2022-41966 CVSS 8.2) |
| IT42806 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT42896 |
SECURITY VULNERABILITIES IN SPRING SECURITY AFFECTS IBM STERLING B2B INTEGRATOR (CVE-2022-31692, CVE-2022-22978 CVSS 8.2)
|
Regular Fixes
| APAR | Description |
| IT42781 | IN SI 6.1.2 AWS S3 GET SERVICE DOES NOT WORK FOR GETTING FILES MATCHING A PATTERN |
| IT42807 | EVENT SCREEN ON MYFG2.0 DOESN'T FINISH LOADING |
| IT43081 | XML DIGITAL SIGNATURE SERVICE HAS BEEN ENHANCED TO SUPPORT STAX DOCUMENT STREAMING IN SIGNING AND VERIFICATION OPERATIONS |
| IT43041 | WSDL SERVICE IS FAILING AND UNABLE TO REDIRECTING TO HTTPS PORT |
| IT42383 | DEVELOP MSSQL FRIENDLY DATASWEEPER TO CLEAN UP *_GUID TABLES |
| IT42827 | OLD JARS IN THE <INSTALL_DIR>/PACKAGES DIRECTORY ARE NOT REMOVED |
| IT43030 | UNABLE TO CATCH THE EXCEPTION FROM PGPUNPACKAGESERVICE IN ONFAULT |
| IT42726 | PGP PACKAGE SERVICE SIGNS DOCUMENT ALSO IF "SIGNED BY THE PARTNER" SET TO NO |
| Link | Date Released | Status |
|---|---|---|
| Download |
July 25, 2023 |
Available |
Security Fixes
| APAR | Description |
| IT43555 |
VULNERABILITY IN THE APACHE JAMES MIME4J LIBRARY USED BY IBM WEBSPHERE APPLICATION SERVER LIBERTY WHEN THE FEATURE RESTFULWS-3.0 IS ENABLED (CVE-2022-45787 CVSS 5.5)
|
| IT43678 | SECURITY VULNERABILITIES IN SNAKEYAML AFFECT B2B API OF IBM STERLING B2B INTEGRATOR (CVE-2017-18640, CVE-2022-25857, CVE-2022-38749, CVE-2022-38750, CVE-2022-38751, CVE-2022-38752, CVE-2022-41854, CVE-2022-1471 CVSS 8.3) |
| IT43937 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT43308 | SECURITY VULNERABILITIES IN XSTREAM AFFECT IBM STERLING B2B INTEGRATOR (CVEID: CVE-2022-40151, 40152, 40153, 40154, 40155, 40156 CVSS 6.5) |
| IT43649 | SECURITY VULNERABILITIES IN JETTISON AFFECT EBLICS CLIENT OF IBM STERLING B2B INTEGRATOR (CVE-2023-1436, CVSS 5.3) |
| IT43908 | [ALL] APACHE COMMONS FILEUPLOAD (PUBLICLY DISCLOSED VULNERABILITY) (CVE-2023-24998 CVS 7.5) |
| IT43976 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT42806 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT43090 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT43549 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT43522 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT43941 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT43508 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT43138 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT43972 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT43848 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
Regular Fixes
| APAR | Description |
| IT43905 | MORE CHINESE DASHBOARD UI IS GARBLED IN 6.1.2.1 |
| IT39345 | OBSERVED SLOWNESS IN AS2 WITH LARGE FILE |
| IT43438 | CURRENT PROCESSES AND CENTRAL SEARCH PAGE IS NOT WORKING |
| IT43693 | WITH NIST TRANSITION OR STRICT MODE ENABLED, SSH KNOWN HOST KEY ECDSA-SHA2-NISTP256 KEYS CANNOT BE ENABLED WITH DEFAULTSFTP=1.0 |
| IT43692 | WITH NIST TRANSITION OR STRICT MODE ENABLED, SSH KNOWN HOST KEY ECDSA-SHA2-NISTP256 FAILS TO BE CHECKED IN OR IMPORTED |
| IT43321 | DELETE ROUTINGCHANNEL API RETURNS 400 RESPONSE, ROUTING CHANNEL IS DELETED |
| IT41328 | QUERY ON FG_ROUTE TABLE DOES NOT USE BIND VARIABLES |
| IT43401 | UTF-8 ENCODING FAILS WHILE RUNNING JSON TO XML TRANSFORMER SERVICE |
| IT43734 | ERROR EXCEPTION DECRYPTING PASSPHRASE |
| IT43785 | NOT ABLE TO SEND EMAIL FROM STERLING INTEGRATOR TO MS EXCHANGE ONLINE USING SMTP SEND ADAPTER |
| IT43735 | SI 6.1.1 KEEP GETTING EXCEPTION DECRYPTING PASSPHRASE -JAVAX.CRYPTO.BADPADDINGEXCEPTION: GIVEN FINAL BLOCK NOT PROPERLY PADDED |
| IT43761 | SCP OPTIONS DO NOT SHOW IN SFTP SERVER ADAPTER OF V6.1.2.2 |
| IT43554 | INTERMITTENT SSH HANDSHAKE FAILURES WITH B2BI AS CLIENT <MAVERICK JAR UPGRADE 1.7.51> |
| IT43689 | EXTERNAL PURGE DB2 SQL ERROR: SQLCODE=-805, SQLSTATE=51002, SQLERRMC=NULLID.SYSLH203 |
| IT44027 | UNABLE TO EXPORT/IMPORT OFTP PROFILE IN A SYSTEM USING A DIFFERENT SYSTEM PASSPHRASE |
| IT42218 | ROUTING CHANNEL FOR A GLOBAL MAILBOX PARTNER VIA THE ROUTING CHANNEL REST API WHEN A DC IS DOWN |
| IT41142 | WHEN CREATING ROUTING CHANNELS (VIA RESTAPI) FOR A PRODUCER PARTNER WITH SUBMAILBOXES THE EVENT RULE IS GETTING CREATED FOR THE FIRST SUBMAILBOX ONLY AND NOT THE SUBSEQUENT SUBMAILBOXES, AND THE EVENT RULE LIST ONLY 1 MAILBOX |
| IT43250 | REST API UPDATE TRADING PARTNER API000411 ERROR FOR GLOBAL MAILBOX LISTENING PRODUCER |
| IT43645 | GM IMPORT UTILITY FAILS WITH JAVA.LANG.NOCLASSDEFFOUNDERROR: ORG.APACHE.COMMONS.COLLECTIONS.ARRAYSTACK |
| IT44610 | IDOC META DATA BUILlDER IS LOOPING IN+C84 VERSION 6010201 |
| Link | Date Released | Status |
|---|---|---|
| Download |
February 16, 2024 |
Current |
Security Fixes
| APAR | Description |
| IT44322 | SECURITY VULNERABILITY IN COMMONS-BCEL AFFECT IBM STERLING B2B INTEGRATOR (CVE-2022-42920 CVSS 9.8) |
| IT45063 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT44862 | SECURITY VULNERABILITY IN NETTY AFFECTS IBM STERLING B2B INTERGRATOR (CVE-2023-34462 CVSS 6.5) |
| IT44329 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT45062 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT44198 |
[ALL] IBM WEBSPHERE MQ - CVE-2023-32342 (PUBLICLY DISCLOSED VULNERABILITY) ( CVSS 5.9)
|
| IT40443 | MISSING SAMESITE ATTRIBUTE IN THE COOKIE GENERATED BY DASHBOARD PAGES |
| IT43976 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT44222 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT44223 | ADD BOUND TO THE LOOP CONDITION IN BASEUIGLOBALS.ESCAPESPECIFICCHARS FOR THE FINDINGS FROM CHECKMARX |
| IT44899 | XSS SECURITY VULNERABILITY EXISTS IN THE UI OF IBM STERLING FILE GATEWAY (FROM DBS (CVE-2023-47714 CVSS 4.8) |
| IT44144 | XSS SECURITY VULNERABILITY EXISTS IN THE DASHBOARD UI OF IBM STERLING B2B INTEGRATOR FROM DBS |
| IT44091 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT44092 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT44415 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT44287 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT44317 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT44304 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT44312 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT44284 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT44311 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT44283 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT44078 | ECLIPSE JETTY (PUBLICLY DISCLOSED VULNERABILITY) (CVSS 5.3) |
| IT43591 | UPDATE ESAPI-JAR-LEGACY (CVSS 7.5) |
| IT44559 | XSS SECURITY VULNERABILITY EXISTS IN THE DASHBOARD UI OF IBM STERLING B2B INTEGRATOR FROM DBS |
| IT44182 | UPDATE SNAPPY-JAVA IN B2B API (CVSS 7.5) |
| IT44452 | NO WEB SECURITY HTTP RESPONSE HEADERS ARE RETURNED IN THE WEBAPP ON HTTP SERVER ADAPTER IN IBM STERLING B2B INTEGRATOR (CVE-2024-22355) |
| IT44185 | UPDATE STRUTS FOR SECURITY VULNERABILITIES (CVSS 7.5) |
| IT45140 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
| IT43508 | DESCRIPTION IS NOT AVAILABLE (SECURITY/INTEGRITY ISSUE) |
Regular Fixes
| APAR | Description |
| IT44536 | EXCESSIVE TX.LOG INFORMATION AFTER UPGRADING TO STERLING INTEGRATOR 6.1.2.3 |
| IT44524 | DISCEPERANCY IN LISTING USERS IN USER LISTS WHILE SELECTING USER FOR ROUTING RULE/BUSINESS PROCESS |
| IT44651 | OFTP PHYSICAL PARTNER WHILE EDITING, AUTO-CONFIGURE PREVIOUSLY MANUALLY CHOSE CONFIGURATION BY CUSTOMER |
| IT44758 | ROOT DOC SIZE SHOWS 0 BYTES FOR THE FILES UPLOADED FROM MYFILEGATEWAY IN SI VERSION 6.1.2.2 |
| IT44593 | GENERIC EDIFACT OUTBOUND UNH ENVELOPE REGRESSION |
| IT44446 | GETTING "UNDEFINED" MESSAGES WHILE DELETING GROUP WHEN THAT GROUP IS USED IN RCT |
| IT44847 | RETRIEVEERRORSETSUCCESS PARAMETER IN SFTP CLIENT GET SERVICE IS NOT TAKEN INTO ACCOUNT WITH SFTP2.0 |
| IT44213 | SFTP CLIENT GET NOT RETURNING THE DOCUMENT DOWNLOADED TO PRIMARYDOCUMENT WHEN TRANSFER MODE IS SET TO ASCII |
| IT44361 | 404 WHEN ACCESSING MYFILEGATEWAY WITH REBRANDING AFTER UPGRADING TO 6122 |
| IT44443 | NETMAP CORRUPTION WHEN SYNCING |
| IT44023 | EBICS SERVER COF ORDERS ARE NOT VEU ENABLED |
| IT44939 | EC / SERVICES INVESTIGATION - CDSA DB FAILUREOVER "OPTIMIZATION" |
| IT38789 | CUSTOMER_OVERRIDES PROPERTIES IN CUSTOMIZATION-UI / DB ARE NOT DISPLAYED IN QUEUEWATCHER |
| IT44894 | INCORRECT FILENAME WHILE DECRYPTING NATIVE PGP ENCRYPTED FILE |
| IT45025 | EBICS SERVER - COF CANNOT BE CONFIGURED FOR CERTAIN FILE FORMATS WITH HF6 |
| IT45010 | EBICS CLIENT/SERVER - PROCESSING STILL CREATES 16BYTE FILE ON DISC AND LEFT OVER |
| IT44793 | CHANGES DONE USING UPDATE SERVICE INSTANCE REST API DO NOT REFLECT IN THE UI |
| IT44787 | EBICS SERVER - CANNOT VIEW EBICS REQUEST FROM SFG UI WHEN THE BROWSER IS CONFIGURED WITH SPANISH LANGUAGE |
| IT44626 | SAP RFC XML SCHEMA BUILDER DOESN'T WORK IN SI 6123 |
| IT44974 | NOT ABLE TO INSTALL PS IN WIN 2K22 |
| IT44619 | CHANGE URI IN DOCUMENTION FOR SFG FILEGATEWAY_UI.PROPERTIES |
| IT44618 | SFTP CLIENT ERROR IN SERVICE SFTPCLIENTENDSESSION (NULLPOINTEREXCEPTION) SINCE UPGRADE TO B2BI 6114 |
| IT44753 | ROSSETTANET MESSAGE PARSER SERVICE ERROR OUT WITH "COM.TRUSTPOINT.ASN.ASNEXCEPTION: CANNOT FIND CLASS NAME FOR OID: OID 1.2.840.113549.1.9.52" |
| IT44830 | REWORK FIX TO REST API TO NOT GET PERMISSIONS DELETED THROUGH DASHBOARD |
| IT44755 | UNABLE TO DECRYPT SIGNED FILE THROUGH OFTP2 IN 6123 |
| IT44754 | XMLJSONTRANSFORMER 6.1.2.3: UNABLE TO ACCESS OR VERIFY MANDATORY SERVICE PARAMETER |
| IT44247 | EBICS SERVER: OOM WHEN PROCESSING HVZ AND HVU EBICS REQUEST |
| IT44927 | INCORRECT FILENAME WHILE DECRYPTING NATIVE PGP ENCRYPTED FILE |
| IT44566 | ERROR IN CHECKOUT SSH USERIDENTITYKEY AFTER USING CHANGESYSTEMPASSPHRASE.SH IN SI 6120 |
| IT44521 | APAR IT33167 IS NOT PRESENT IN 6.1.2.3 RELEASE |
| IT44356 | CANNOT EDIT CODES AFTER SORTING CODELIST BY SENDER CODE/RECEIVER CODE IN SI V6.1.2.3 |
| IT45011 | EBICS SERVER - HAC PROCESS DOES NOT RETURN ANY EVENTS |
| IT44801 | AS2 PROTOCOL: CANNOT FIND A CLASS THAT CORRESPONDS TO OID 1.2.840.113549.1.1.10 |
| IT45083 | EBICS SERVER - CASCADE DELETE NOT WORKING FOR COF ORDER |
| IT43985 | LOCAL_QUORUM ERROR AND FILE TRANSFERS ARE FAILING |
| IT44494 | PAYLOADPURGE NOT DELETING FILES ON FILESYSTEM ON HORIZON DC |
| IT44417 | HEALTHCHECK TAKES TOO LONG TO PERFORM SHUTTING DOWN CONNECTION TO DC'S |
| IT45164 | LIVENESS PROBE FAILED: STARTING LIVENESS PROBE FOR API - LIBERTY SERVER IS NOT UP |
| IT45162 | EBICS CLIENT LINDE CONNECTIVITY ISSUE FOR HEV |
| IT45234 | EBICS 3.0 NEW CUSTOM BTF SERVICE FAILS |
| IT45119 | GLOBAL MAILBOX HEALTHCHECK MESSAGE GETTING EXPIRED AFTER DEFAULT NUMBER OF DAYS AND LEADING TO HEALTHCHECK FAILURE |
| IT45118 | EBICS SERVER - HKD ORDER TYPE ERROR FOR H003 AND H004 NOT WORKING WITH HF6 |
| IT44045 | EBICS SERVER - HPB FAILING FOR CLIENT IN PROD BECAUSE OF FILE FORMAT |
| IT45284 | UPGRADE TO 6.1.2.2 OR 6.1.2.3, OR INSTALL A FRESH COPY OF 6.1.2.X, THERE ARE 2 CDJAVA.JAR FILES IN DYNAMICCLASSPATH.CFG, THE OLDEST JAR SHOULD BE REMOVED |
[{"Line of Business":{"code":"LOB59","label":"Sustainability Software"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SS3JSW","label":"IBM Sterling B2B Integrator"},"ARM Category":[{"code":"a8m50000000CjqAAAS","label":"Sterling File Gateway"}],"Platform":[{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"}],"Version":"6.1.0"}]
Was this topic helpful?
Document Information
Modified date:
03 July 2024
UID
ibm16335211