IBMC41C171EEB146759A981B49D19F8E7426E3EFEA2C625BADD731547E106C888DBSecurity Bulletin: CVE-2021-27568 An issue was discovered in netplex json-smart-v1, an exception is thrown from a function
0.01 Low
EPSS
Percentile
83.4%
Summary
CVE-2021-27568 An issue was discovered in netplex json-smart-v1, an exception is thrown from a function, may cause programs to crash or expose sensitive info
Vulnerability Details
CVEID:CVE-2021-27568
**DESCRIPTION:**Netplex json-smart-v1 and json-smart-v2 are vulnerable to a denial of service, caused by an uncaught exception flaw in NumberFormatException. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to cause the library to crash or obtain sensitive information.
CVSS Base score: 9.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/197316 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| UCD - IBM UrbanCode Deploy | 7.1.1.1 |
| UCD - IBM UrbanCode Deploy | 7.0.5.3 |
| UCD - IBM UrbanCode Deploy | 7.1.1.2 |
| UCD - IBM UrbanCode Deploy | 7.1.1.0 |
| UCD - IBM UrbanCode Deploy | 7.1.0.0 |
| UCD - IBM UrbanCode Deploy | 7.0.5.4 |
| UCD - IBM UrbanCode Deploy | 7.0.4.0 |
| UCD - IBM UrbanCode Deploy | 7.0.3.0 |
Remediation/Fixes
Upgrade to 7.1.2.2, 7.2.0.0
https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+UrbanCode+Deploy&function=fixId&fixids=7.1.2.2-IBM-UrbanCode-Deploy
https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+UrbanCode+Deploy&function=fixId&fixids=7.2.0.0-IBM-UrbanCode-Deploy
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm urbancode deploy | eq | 7.1.0.0 |
Related
0.01 Low
EPSS
Percentile
83.4%