History: Jan 31, 2024 - 9:00 a.m.

Security Bulletin: IBM Sterling Control Center is vulnerable to denial of service attack due to Apache Axis (CVE-2023-40743)

2024-01-31 09:00:02
Source: www.ibm.com
Tags: ibm sterling control center, apache axis, cve-2023-40743, vulnerability, fix, remote attacker, denial of service, input validation, ssrf

CVSS3: 9.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 8 (Confidence: High)
EPSS: 0.003 (Percentile: 69.6%)

Summary

IBM Sterling Control Center uses Apache Axis. This bulletin identifies the steps to take to address the vulnerability.

Vulnerability Details

**CVEID:** CVE-2023-40743
**DESCRIPTION:** Apache Axis could allow a remote attacker to execute arbitrary code on the system, caused by improper input validation by the ServiceFactory.getService function. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code, cause a denial of service or perform SSRF attacks.
CVSS Base score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/265157 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s) | Version(s)
---|---
IBM Sterling Control Center | 6.3.0

Remediation/Fixes

Product | Version | Remediation
---|---|---
IBM Sterling Control Center | 6.3.0.0 GA through iFix04 | 6.3.0.0 iFix05 Fix Central - 6.3.0.0

Workarounds and Mitigations

None

Affected configurations

Vulners node: ibm control_center, Match 6.3.0.0
