7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7 High
AI Score
Confidence
High
0.023 Low
EPSS
Percentile
89.7%
IBM Sterling File Gateway uses Apache Struts. This bulletin identifies the steps to take to address the vulnerabilities.
CVEID:CVE-2023-34149
**DESCRIPTION:**Apache Struts is vulnerable to a denial of service, caused by a flaw with only handling setProperty() but not getProperty(). By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/257947 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID:CVE-2023-34396
**DESCRIPTION:**Apache Struts is vulnerable to a denial of service, caused by a flaw when processing Multipart request containing non-file normal form fields. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/257946 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM Sterling File Gateway | 6.0.0.0 - 6.0.3.8 |
IBM Sterling File Gateway | 6.1.0.0 - 6.1.0.7, 6.1.1.0 - 6.1.2.3 |
IBM strongly recommends addressing the vulnerability now.
Product | Version | APAR | Remediation & Fix |
---|---|---|---|
IBM Sterling File Gateway | 6.0.0.0 - 6.0.3.8 | IT44185 | Apply 6.0.3.9 |
IBM Sterling File Gateway | 6.1.0.0 - 6.1.0.7, 6.1.1.0 - 6.1.2.3 | IT44185 | Apply 6.1.0.8, 6.1.2.5 or 6.2.0.0 |
The IIM versions of 6.0.3.9, 6.1.0.8 and 6.1.2.5 are available on Fix Central. The IIM version of 6.2.0.0 is available on Passport Advantage
The container version of 6.1.2.5 and 6.2.0.0 are available in IBM Entitled Registry.
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm sterling file gateway | eq | 6.0.0.0 | |
ibm sterling file gateway | eq | 6.2.0.0 |
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7 High
AI Score
Confidence
High
0.023 Low
EPSS
Percentile
89.7%