IBMBF1F56F5290CB35E1EA0114B94F23A2DBE685AE844A6BD2120FEE9BCF1C4FA9ASecurity Bulletin: IBM Sterling B2B Integrator - The Document Service Container in IBM Sterling B2B Integrator is vulnerable to denial of service due to jackson-core (256137)
6.9 Medium
AI Score
Confidence
High
Summary
The Document Service Container in IBM Sterling B2B Integrator is vulnerable to a denial of service due to jackson-core (256137). IBM Sterling B2B Integrator has addressed the vulnerabilty in the Remediation/Fixes section of this bulletin.
Vulnerability Details
**IBM X-Force ID:**256137
**DESCRIPTION:**FasterXML Jackson Core is vulnerable to a denial of service, caused by improper input validation by the StreamReadConstraints value field. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/256137 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Sterling B2B Integrator | 6.2.0.0 - 6.2.0.1 |
Remediation/Fixes
IBM strongly recommends addressing the vulnerability now.
| Product | Version | APAR | Remediation & Fix |
|---|---|---|---|
| IBM Sterling B2B Integrator | 6.2.0.0 - 6.2.0.1 | IT46321 | Apply B2BI 6.2.0.2 |
The IIM versions of 6.2.0.2 is available on Fix Central.
The container version of 6.2.0.2 is available in IBM Entitled Registry.
Workarounds and Mitigations
None
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm sterling b2b integrator | eq | 6.2. |
6.9 Medium
AI Score
Confidence
High