CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
65.3%
Security vulnerability have been Identified and addressed in FasterXML jackson-databind library shipped with IBM Sterling Global Mailbox.
CVEID:CVE-2022-42003
**DESCRIPTION:**FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in the primitive value deserializers when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. By sending a specially-crafted request using deep wrapper array nesting, a local attacker could exploit this vulnerability to exhaust all available resources.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/237662 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM Sterling Global Mailbox | 6.0.3.7 |
IBM Sterling Global Mailbox | 6.1.2.0 |
Refer to the following security bulletins for vulnerability details and information about fixes addressed by Jackson Databind which is shipped with Global Mailbox.
Product
|
Version
|
Fix / Remediation
—|—|—
IBM Sterling Global Mailbox
|
6.0.3.7
|
Apply 6.0.3.8
IBM Sterling Global Mailbox
|
6.1.2.0
|
Apply 6.1.2.1
6.0.3.8 is now available on Fix Central -
B2Bi IIM
Fix Central Link: https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FSterling+B2B+Integrator&fixids=6.0.3.8-OtherSoftware-B2Bi-All&source=SAR
B2Bi Docker
Fix Central Link: https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FSterling+B2B+Integrator&fixids=6.0.3.8-OtherSoftware-B2Bi-Docker-All&source=SAR
SFG IIM
Fix Central Link: https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FSterling+File+Gateway&fixids=6.0.3.8-OtherSoftware-SFG-All&source=SAR
SFG Docker
Fix Central Link: https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FSterling+File+Gateway&fixids=6.0.3.8-OtherSoftware-SFG-Docker-All&source=SAR
6.1.2.1 IIM & Certified Container is now available on Fix Central -
Sterling B2B Integrator
Sterling File Gateway
Certified Container
Certified Container edition images and Helm charts are now available for download from IBM Entitled Registry (ER) and IBM public chart repository, respectively.
IBM Sterling B2B Integrator V6.1.2.1
cp.icr.io/cp/ibm-b2bi/b2bi:6.1.2.1
<https://github.com/IBM/charts/blob/master/repo/ibm-helm/ibm-b2bi-prod-2.1.1.tgz>
IBM Sterling File Gateway V6.1.2.1
cp.icr.io/cp/ibm-sfg/sfg:6.1.2.1
None
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
65.3%