Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM9812339E49C50429A2029C7593135E82DCC0B25985C484D6169893EB248E765B
HistoryFeb 19, 2024 - 8:15 a.m.

Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to denial of service due to FasterXML jackson-databind (CVE-2023-35116)

2024-02-1908:15:33
www.ibm.com
3
ibm sterling connect:direct
denial of service
fasterxml jackson-databind
cve-2023-35116
upgrade
version 6.1.0.23
version 6.2.0.22

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

8.6%

JSON

Summary

IBM Sterling Connect:Direct Web Services uses FasterXML jackson-databind. This bulletin identifies the steps to take to address the vulnerabilities.

Vulnerability Details

CVEID:CVE-2023-35116
**DESCRIPTION:**Fasterxml jackson-databind is vulnerable to a denial of service, caused by a stack-based overflow. By persuading a victim to open a specially crafted content, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/258157 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Sterling Connect:Direct Web Services 6.1.0
IBM Sterling Connect:Direct Web Services 6.2.0
IBM Sterling Connect:Direct Web Services 6.0

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by upgrading …

Product(s)|Version(s)|**Remediation
**
—|—|—
IBM Sterling Connect:Direct Web Services| 6.1| Apply 6.1.0.23, available on Fix Central
IBM Sterling Connect:Direct Web Services| 6.2| Apply 6.2.0.22, available on Fix Central
IBM Sterling Connect:Direct Web Service| 6.0| Upgrade to 6.1.0.23 or 6.2.0.22

Workarounds and Mitigations

None

Related

ibm 24
ubuntucve 1
redhatcve 1
nessus 8
debiancve 1
cve 1
prion 1
cvelist 1
redhat 5
oracle 2
ibm
ibm
Security Bulletin: Due to the use of jackson-databind, IBM CICS Transaction Gateway for Multiplatforms is vulnerable to a denial of service (CVE-2023-35116).
2024-02-21 09:45:39
Security Bulletin: IBM Spectrum Symphony with Fasterxml jackson-databind is vulnerable to a denial of service, caused by a stack-based overflow
2024-02-28 16:01:26
Security Bulletin: Vulnerability CVE-2023-35116 affects CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition.
2023-10-16 16:34:06
ubuntucve
ubuntucve
CVE-2023-35116
2023-06-14 00:00:00
redhatcve
redhatcve
CVE-2023-35116
2023-08-22 17:50:09
nessus
nessus
Amazon Linux 2023 : jackson-core (ALAS2023-2023-248)
2023-07-20 00:00:00
Oracle Identity Manager (Apr 2024 CPU)
2024-04-23 00:00:00
Oracle Business Intelligence Enterprise Edition (April 2024 CPU)
2024-04-19 00:00:00
debiancve
debiancve
CVE-2023-35116
2023-06-14 14:15:00
cve
cve
CVE-2023-35116
2023-06-14 14:15:10
prion
prion
Code injection
2023-06-14 14:15:00
cvelist
cvelist
CVE-2023-35116
2023-06-14 00:00:00
redhat
redhat
(RHSA-2024:2707) Important: Red Hat Build of Apache Camel security update
2024-05-06 14:08:42
(RHSA-2023:5396) Moderate: Red Hat Data Grid 8.4.4 security update
2023-09-28 11:54:13
(RHSA-2024:0777) Important: jenkins and jenkins-2-plugins security update
2024-02-12 10:20:42
oracle
oracle
Oracle Critical Patch Update Advisory - October 2023
2023-10-17 00:00:00
Oracle Critical Patch Update Advisory - April 2024
2024-04-16 00:00:00

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

8.6%

JSON
Related for 9812339E49C50429A2029C7593135E82DCC0B25985C484D6169893EB248E765B
ibm24ubuntucve1redhatcve1nessus8debiancve1cve1prion1cvelist1redhat5oracle2