Lucene search

K
ibmIBM1F1B6904959C9A5849E225CAC29BC6850496F1E6C5BC9C8B8A7D123B0EEF6CBC
HistorySep 29, 2023 - 11:47 a.m.

Security Bulletin: Vulnerabilities in XStream library affects IBM Engineering Test Management (ETM) (CVE-2022-40151)

2023-09-2911:47:50
www.ibm.com
22
ibm etm
xstream library
cve-2022-40151
denial of service
buffer overflow
upgrade
ifix23
ifix25

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.008

Percentile

82.2%

Summary

This Security Vulnerablity has been addressed in IBM Engineering Test Management. A fix is available to address the vulnerability.

Vulnerability Details

CVEID:CVE-2022-40151
**DESCRIPTION:**XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow. By sending a specially-crafted XML data, a remote authenticated attacker could exploit this vulnerability to causes the parser to crash, and results in a denial of service condition.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/236354 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
ETM 7.0.1
ETM 7.0.2

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by upgrading and applying the suggested fix that uses upgraded version of XStream.

Suggested :

Product(s)|**Version(s)
**|Remediation/Fix/Instructions
—|—|—
Engineering Test Management | 7.0.1|

Download and apply ETM 7.0.1 iFix23 from Fix Central here

Engineering Test Management | 7.0.2| Download and apply ETM 7.0.2 iFix25 from Fix Central here

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmengineering_test_managementMatch7.0.2
OR
ibmengineering_test_managementMatch7.0.1

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.008

Percentile

82.2%