The Document Service Container in IBM Sterling B2B Integrator is vulnerable to a denial of service due to jackson-core (256137). IBM Sterling B2B Integrator has addressed the vulnerabilty in the Remediation/Fixes section of this bulletin.
**IBM X-Force ID:**256137
**DESCRIPTION:**FasterXML Jackson Core is vulnerable to a denial of service, caused by improper input validation by the StreamReadConstraints value field. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/256137 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Affected Product(s) | Version(s) |
---|---|
IBM Sterling B2B Integrator | 6.2.0.0 - 6.2.0.1 |
IBM strongly recommends addressing the vulnerability now.
Product | Version | APAR | Remediation & Fix |
---|---|---|---|
IBM Sterling B2B Integrator | 6.2.0.0 - 6.2.0.1 | IT46321 | Apply B2BI 6.2.0.2 |
The IIM versions of 6.2.0.2 is available on Fix Central.
The container version of 6.2.0.2 is available in IBM Entitled Registry.
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm sterling b2b integrator | eq | 6.2. |