Lucene search

K
ibmIBM7BC6922E383C46272965C9C79A296F62FCFB9896001870EE7925727CFA722E67
HistoryJan 06, 2023 - 3:13 a.m.

Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to FasterXML jackson-databind (CVE-2022-42003)

2023-01-0603:13:08
www.ibm.com
11
ibm sterling connect:direct
fasterxml jackson-databind
cve-2022-42003
denial of service
6.2 base score
6.0.0.12 fix

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.003

Percentile

65.3%

Summary

IBM Sterling Connect:Direct Web Services is vulnerable to FasterXML jackson-databind

Vulnerability Details

CVEID:CVE-2022-42003
**DESCRIPTION:**FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in the primitive value deserializers when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. By sending a specially-crafted request using deep wrapper array nesting, a local attacker could exploit this vulnerability to exhaust all available resources.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/237662 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Sterling Connect:Direct Web Services 1.0
IBM Sterling Connect:Direct Web Services 6.1.0
IBM Sterling Connect:Direct Web Services 6.2.0
IBM Sterling Connect:Direct Web Services 6.0

Remediation/Fixes

Product(s)|Version(s)|**Remediation
**
—|—|—
IBM Sterling Connect:Direct Web Services| 1.0| Apply 6.0.0.12, available on Fix Central
IBM Sterling Connect:Direct Web Services| 6.0| Apply 6.0.0.12, available on Fix Central
IBM Sterling Connect:Direct Web Services| 6.1| Apply 6.1.0.16, available on Fix Central
IBM Sterling Connect:Direct Web Services| 6.2| Apply 6.2.0.12, available on Fix Central

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmsterling_connect\Matchdirect6.0

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.003

Percentile

65.3%