Lucene search

K
ibmIBM8DE2E6E735F4C865DFF522FC1476032743D235229E5B6DE14A486A6D7ABC31A4
HistoryFeb 20, 2023 - 7:23 a.m.

Security Bulletin: IBM B2B Advanced Communications is vulnerable to denial of service due to FasterXML jackson-databind (CVE-2018-1000873)

2023-02-2007:23:40
www.ibm.com
25
denial of service
ibm b2b advanced communications
fasterxml jackson-databind
cve-2018-1000873
vulnerabilities
fix pack

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

7.9

Confidence

High

EPSS

0.005

Percentile

76.8%

Summary

IBM B2B Advanced Communications has addressed vulnerabilities in FasterXML jackson-databind shipped with product.

Vulnerability Details

**CVEID:**CVE-2018-1000873 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by improper input validation by the nanoseconds time value field. By persuading a victim to deserialize specially-crafted input, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/154804 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Product(s) Version(s)
IBM B2B Advanced Communications 1.0.0.x
IBM Multi-Enterprise Integration Gateway 1.0.0.1

Remediation/Fixes

**Product ** Version Remediation
IBM B2B Advanced Communications 1.0.0.x Apply fix pack 1.0.0.8
IBM Multi-Enterprise Integration Gateway 1.0.0.1 Apply fix pack 1.0.0.8

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmmulti-enterprise_integration_gatewayMatch1.0.0.7
OR
ibmmulti-enterprise_integration_gatewayMatch1.0.0.8
VendorProductVersionCPE
ibmmulti-enterprise_integration_gateway1.0.0.7cpe:2.3:a:ibm:multi-enterprise_integration_gateway:1.0.0.7:*:*:*:*:*:*:*
ibmmulti-enterprise_integration_gateway1.0.0.8cpe:2.3:a:ibm:multi-enterprise_integration_gateway:1.0.0.8:*:*:*:*:*:*:*

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

7.9

Confidence

High

EPSS

0.005

Percentile

76.8%

Related for 8DE2E6E735F4C865DFF522FC1476032743D235229E5B6DE14A486A6D7ABC31A4