Lucene search

K
ibmIBMA94E068C24C78B4A5B7961358AECEA5B087FDEC7BD8E653A9BF42BA988AF25EA
HistoryNov 22, 2022 - 7:55 a.m.

Security Bulletin: IBM Sterling Connect:Direct File Agent is vulnerable to remote code execution due to Apache Commons Text (CVE-2022-42889)

2022-11-2207:55:18
www.ibm.com
167
ibm sterling connect:direct
file agent
remote code execution
apache commons text
cve-2022-42889
vulnerability
ibm
it42065
ifix029

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.971

Percentile

99.8%

Summary

There is a vulnerability in Apache Commons Text used by IBM Sterling Connect:Direct File Agent. IBM Sterling Connect:Direct File Agent has addressed the applicable CVE [CVE-2022-42889].

Vulnerability Details

**CVEID:**CVE-2022-42889 DESCRIPTION: Apache Commons Text could allow a remote attacker to execute arbitrary code on the system, caused by an insecure interpolation defaults flaw. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238560 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Sterling Connect:Direct File Agent 1.4.0.0 - 1.4.0.2_iFix028

Remediation/Fixes

Product(s) Version(s) APAR Remediation / Fix
IBM Sterling Connect:Direct File Agent 1.4.0.0 - 1.4.0.2_iFix028 IT42065 Apply 1.4.0.2_iFix029, available on IBM Fix Central

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmsterling_connect\Matchdirect1.4
VendorProductVersionCPE
ibmsterling_connect\directcpe:2.3:a:ibm:sterling_connect\:direct:1.4:*:*:*:*:*:*:*

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.971

Percentile

99.8%