Lucene search

K
ibmIBM24164D63138835E26730B5EFF1F67A08E2F3A742BD391B31B667B1309546FC6C
HistoryMar 25, 2022 - 5:03 p.m.

Security Bulletin: IBM UrbanCode Build is affected by CVE-2021-42340

2022-03-2517:03:11
www.ibm.com
11

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.019 Low

EPSS

Percentile

88.1%

Summary

IBM UrbanCode Build is affected by CVE-2021-42340

Vulnerability Details

CVEID:CVE-2021-42340
**DESCRIPTION:**Apache Tomcat is vulnerable to a denial of service, caused by a memory leak flaw in WebSocket connections. By sending a specially-crafted request using OutOfMemoryError, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/211354 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM UrbanCode Build 6.1.4.0 - 6.1.7.3

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by upgrading to IBM UrbanCode Build version 6.1.7.4 or above.

Affected Supporting Product(s) Remediation/Fix
IBM UrbanCode Build 6.1.4.0 - 6.1.7.3 Download IBM UrbanCode Build 6.1.7.4 – Includes Apache Tomcat 8.5.75

Workarounds and Mitigations

None

CPENameOperatorVersion
rationaleq6.1.7.4

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.019 Low

EPSS

Percentile

88.1%