7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
37.9%
A security vulnerability has been identified and addressed in Apache CXF shipped with IBM Sterling Global Mailbox.
CVEID:CVE-2022-46363
**DESCRIPTION:**Apache CXF could allow a remote attacker to obtain sensitive information, caused by a flaw when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. By sending a specially-crafted request, an attacker could exploit this vulnerability to perform directory listing or code exfiltration, and use this information to launch further attacks against the affected system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/242009 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Sterling Global Mailbox | 6.1.2 |
IBM Sterling Global Mailbox | 6.0.3 |
Product
|
Version
|
Fix / Remediation
—|—|—
IBM Sterling Global Mailbox
|
6.0.3
|
Apply 6.0.3.8
IBM Sterling Global Mailbox
|
6.1.2
| Apply 6.1.2.2
6.0.3.8 is now available on Fix Central -
B2Bi IIM
Fix Central Link:https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FSterling+B2B+Integrator&fixids=6.0.3.8-OtherSoftware-B2Bi-All&source=SAR
B2Bi Docker
Fix Central Link: https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FSterling+B2B+Integrator&fixids=6.0.3.8-OtherSoftware-B2Bi-Docker-All&source=SAR
SFG IIM
Fix Central Link: https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FSterling+File+Gateway&fixids=6.0.3.8-OtherSoftware-SFG-All&source=SAR
SFG Docker
Fix Central Link: https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FSterling+File+Gateway&fixids=6.0.3.8-OtherSoftware-SFG-Docker-All&source=SAR
6.1.2.2 IIM & Certified Container is now available on Fix Central -
B2Bi IIM
Fix Central Link: https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FSterling+B2B+Integrator&fixids=6.1.2.2-OtherSoftware-B2Bi-All&source=SAR
JDK for B2Bi
Fix Central Link: https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FSterling+B2B+Integrator&fixids=8.0.7.15-JavaSE-SDK-B2Bi-6122&source=SAR
SFG IIM
Fix Central Link: https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FSterling+File+Gateway&fixids=6.1.2.2-OtherSoftware-SFG-All&source=SAR
JDK for SFG
Fix Central Link: https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FSterling+File+Gateway&fixids=8.0.7.15-JavaSE-SDK-sfg-6122&source=SAR
Certified Container
Certified Container edition images and Helm charts are now available for download from IBM Entitled Registry (ER) and IBM public chart repository, respectively.
IBM Sterling B2B Integrator V6.1.2.2
IBM Sterling File Gateway V6.1.2.2
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm global high availability mailbox | eq | 6.0.2 |
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
37.9%