7.3 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
67.3%
IBM Sterling Order Management use Apache Commons BeanUtils and are affected by some of the vulnerabilities that exist in this component.
CVEID:CVE-2019-10086
**DESCRIPTION:**Apache Commons Beanutils could allow a remote attacker to gain unauthorized access to the system, caused by the failure to suppresses the class property in bean introspection by default. An attacker could exploit this vulnerability to gain unauthorized access to the classloader.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/166353 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Sterling Order Management | 10.0 |
IBM Sterling Order Management | 9.5 |
IBM Sterling Order Management | 9.4 |
The recommended solution is to apply the security fix pack (SFP) as soon as practical. Please see below for information about the available fixes.
Product
|
_Security Fix Pack_*
|
How to acquire fix
—|—|—
IBM Sterling Order Management 9.4.0
|
9.4.0-SFP6
|
_ _
Select appropriate VRMF
IBM Sterling Order Management 9.5.0
|
9.5.0-SFP5
_ _
Select appropriate VRMF
IBM Sterling Order Management 10.0
|
10.0-SFP2
|
_ _
Select appropriate VRMF
None
CPE | Name | Operator | Version |
---|---|---|---|
sterling order management | eq | 9.4 | |
sterling order management | eq | 9.5 | |
sterling order management | eq | 10.0 |
7.3 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
67.3%