CVSS3 Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | LOW |
Availability Impact | HIGH |

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

EPSS Percentile: 83.8%

XStream is used in ITNCM to serialize XML data and may be vulnerable to denial-of-service (DoS) attacks. If the parser runs on user-supplied input, an attacker may supply content that crashes the parser by causing a stack overflow. This effect may support a denial-of-service attack (CVE-2022-41966).

CVEID: CVE-2022-41966
**DESCRIPTION:** XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow. By manipulating the processed input stream at unmarshalling time, a remote attacker could exploit this vulnerability to replace or inject objects and cause a denial of service.
CVSS Base score: 8.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/243448 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H)

Affected Product(s) | Version(s) |
---|---|
ITNCM | 6.4.2 |

Affected Product(s) | Version(s) | Remediation |
---|---|---|
ITNCM | 6.4.2 | Upgrade to ITNCM 6.4.2 Fix Pack 19 (6.4.2.19) |

ITNCM 6.4.2 Fix Pack 19 can be downloaded from Fix Central: 6.4.2-TIV-ITNCM-FP019
None