IBM Sterling B2B Integrator uses Apache Commons FileUpload.
CVEID: CVE-2023-24998
**DESCRIPTION:** Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by a failure to limit the number of request parts processed by the file upload function. By sending a specially crafted request with a series of uploads, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/247895 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
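The control missing in this flaw is a cap on the number of parts in one multipart request. The following is an added example, not IBM or Apache code: it counts parts while streaming a request body and stops reading as soon as a cap is exceeded. The function names, the cap and the sample body are assumptions constructed for illustration.

```python
# Added example: names, cap and sample body are assumptions, not IBM/Apache code.
from email.message import Message

class TooManyParts(Exception):
    """Raised as soon as a request exceeds the part cap."""

def boundary_from_content_type(content_type: str) -> bytes:
    # The stdlib header parser handles quoted and unquoted boundary values.
    msg = Message()
    msg["Content-Type"] = content_type
    boundary = msg.get_param("boundary")
    if msg.get_content_type() != "multipart/form-data" or not isinstance(boundary, str):
        raise ValueError("not a multipart/form-data request with a boundary")
    return boundary.encode("ascii")

def count_parts(stream, boundary: bytes, max_parts: int, chunk_size: int = 8192) -> int:
    """Count parts while streaming; stop at the first part past max_parts."""
    marker = b"\r\n--" + boundary
    buf = b"\r\n"  # lets the first delimiter match like every later one
    count = 0
    while True:
        chunk = stream.read(chunk_size)
        buf += chunk
        pos = 0
        while True:
            idx = buf.find(marker, pos)
            if idx == -1:
                # Keep only a possible partial marker at the end of the buffer.
                keep_from = max(pos, len(buf) - len(marker) + 1)
                break
            end = idx + len(marker)
            if chunk and end + 2 > len(buf):
                keep_from = idx  # need two more bytes to classify this delimiter
                break
            if buf[end:end + 2] != b"--":  # "--" marks the closing delimiter
                count += 1
                if count > max_parts:
                    raise TooManyParts(f"more than {max_parts} parts")
            pos = end
        if not chunk:
            return count
        buf = buf[keep_from:]

def build_body(boundary: bytes, n: int) -> bytes:
    # Constructed sample input: n small form fields, then the closing delimiter.
    parts = b"".join(
        b"--" + boundary + b'\r\nContent-Disposition: form-data; name="f%d"\r\n\r\nx\r\n' % i
        for i in range(n))
    return parts + b"--" + boundary + b"--\r\n"
```

The scanner holds at most one chunk plus a partial delimiter in memory, so the cost of rejecting an oversized request does not grow with the request.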
Affected Product(s) | Version(s) |
---|---|
IBM Sterling B2B Integrator | 6.0.0.0 - 6.0.3.8 |
IBM Sterling B2B Integrator | 6.1.0.0 - 6.1.0.7, 6.1.1.0 - 6.1.1.4 and 6.1.2.0 - 6.1.2.2 |
IBM strongly recommends addressing the vulnerability now.
Product | Version | APAR | Remediation & Fix |
---|---|---|---|
IBM Sterling B2B Integrator | 6.0.0.0 - 6.0.3.8 | IT43908 | Apply 6.0.3.9 |
IBM Sterling B2B Integrator | 6.1.0.0 - 6.1.0.7, 6.1.1.0 - 6.1.1.4 and 6.1.2.0 - 6.1.2.2 | IT43908 | Apply 6.1.0.8, 6.1.2.3 or 6.2.0.0 |
The IIM versions of 6.0.3.9, 6.1.0.8 and 6.1.2.3 are available on Fix Central. The IIM version of 6.2.0.0 is available on Passport Advantage.
The container versions of 6.1.2.3 and 6.2.0.0 are available in IBM Entitled Registry.
None
CPE Name | Operator | Version |
---|---|---|
ibm sterling b2b integrator | eq | 6.0.0.0 |
ibm sterling b2b integrator | eq | 6.2.0.0 |