7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
58.8%
Data mapper for Jackson is shipped with IBM Sterling Global Mailbox. Sensitive information exposure due to XXE error impacts Data mapper for Jackson. Remediation is available for the issues.
CVEID:CVE-2019-10172
**DESCRIPTION:**Jackson-mapper-asl could allow a remote attacker to obtain sensitive information, caused by an XML external entity (XXE) error when processing XML data. By sending a specially-crafted XML data, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/172436 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Global High Availability Mailbox | 6.0.x |
IBM Global High Availability Mailbox | 6.1.x |
Refer to the following security bulletins for vulnerability details and information about fixes addressed Data Mapper for Jackson library which is/are shipped with Global Mailbox.
Product(s)
|
Version(s)
|
Instructions
—|—|—
IBM Global High Availability Mailbox
|
6.0.3.5
| See B2Bi v6.0.3.5 section below
IBM Global High Availability Mailbox| 6.1.0.3| See B2Bi v6.1.0.3 section below
IBM Global High Availability Mailbox| 6.1.1.0| See B2Bi v6.1.1.0 section below
B2Bi v6.0.3.5 -
IIM
Sterling B2B Integrator
Sterling File Gateway
Docker
Sterling B2B Integrator
Sterling File Gateway
B2Bi v6.1.1.0 -
Documentation Link <https://www.ibm.com/docs/en/b2b-integrator/6.1.1>
What’s New in 6.1.1.0 <https://www.ibm.com/docs/en/b2b-integrator/6.1.1?topic=integrator-whats-new-in-6110>
Note:-
B2Bi v6.1.0.3 -
Sterling B2B Integrator
Sterling File Gateway
Certified Container edition images and Helm charts are now available for download from IBM Entitled Registry (ER) and IBM public chart repository, respectively.
IBM Sterling B2B Integrator V6.1.0.3
cp.icr.io/cp/ibm-b2bi/b2bi:6.1.0.3
<https://github.com/IBM/charts/blob/master/repo/ibm-helm/ibm-b2bi-prod-2.0.3.tgz>
IBM Sterling File Gateway V6.1.0.3
cp.icr.io/cp/ibm-sfg/sfg:6.1.0.3
<https://github.com/IBM/charts/blob/master/repo/ibm-helm/ibm-sfg-prod-2.0.3.tgz>
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm global high availability mailbox | eq | 6.1.1.0 |
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
58.8%