Lucene search

K
ibmIBM8CCC6846950CC8AB488FF6E7558B37A83800789012963B88AF0427DEFA7E37FB
HistoryFeb 09, 2022 - 4:25 p.m.

Security Bulletin: IBM UrbanCode Build is affected by CVE-2021-41079

2022-02-0916:25:24
www.ibm.com
13

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.005 Low

EPSS

Percentile

76.9%

Summary

IBM UrbanCode Build is affected by CVE-2021-41079

Vulnerability Details

CVEID:CVE-2021-41079
**DESCRIPTION:**Apache Tomcat is vulnerable to a denial of service, caused by improper input validation of TLS packets. By sending a specially-crafted TLS packet, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/209450 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM UrbanCode Build 6.1.4.0 - 6.1.7.1

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by upgrading to IBM UrbanCode Build version 6.1.7.2 or above.

Affected Supporting Product(s) Remediation/Fix
IBM UrbanCode Build 6.1.4.0 - 6.1.7.2 Download IBM UrbanCode Build 6.1.7.3 – Includes Tomcat 8.5.69

Workarounds and Mitigations

None

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.005 Low

EPSS

Percentile

76.9%