Lucene search

IBME207BD8C52EABCCEF048A41EF014D524492F20E25BE67E17B9467FA1DA01D6D1

HistoryJun 07, 2024 - 2:47 p.m.

Security Bulletin: B2B API of IBM Sterling B2B Integrator is vulnearble to denial of service due to json-path (CVE-2023-51074)

2024-06-0714:47:44

www.ibm.com

ibm sterling b2b integrator

vulnerability

denial of service

json-path

cve-2023-51074

remediation

version 6.2.0.0

version 6.2.0.1

apar it45707

b2bi 6.2.0.2

iim versions 6.2.0.2

fix central

ibm entitled registry

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

5.7 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.0%

JSON

Summary

B2B API of IBM Sterling B2B Integrator is vulnearble to denial of service due to json-path (CVE-2023-51074). IBM Sterling B2B Integrator has remediated this vulnerabilty; Follow steps identified in Remediation/Fixes section to address vulnerability in your environment.

Vulnerability Details

CVEID:CVE-2023-51074
**DESCRIPTION:**json-path is vulnerable to a denial of service, caused by a stack-based buffer overflow in the Criteria.parse method. By sending a specially crafted input, a remote attacker could exploit this vulnerability to cause an uncontrolled recursion, and results in a denial of service condition.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/276174 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Sterling B2B Integrator	6.2.0.0 - 6.2.0.1

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now.

Product	Version	APAR	Remediation & Fix
IBM Sterling B2B Integrator	6.2.0.0 - 6.2.0.1	IT45707	Apply B2BI 6.2.0.2

The IIM versions of 6.2.0.2 is available on Fix Central.

The container version of 6.2.0.2 is available in IBM Entitled Registry.

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmsterling_b2b_integratorMatch6.2.

CPENameOperatorVersion
ibm sterling b2b integratoreq6.2.

CPE	Name	Operator	Version
	ibm sterling b2b integrator	eq	6.2.

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

5.7 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.0%

JSON

Related for E207BD8C52EABCCEF048A41EF014D524492F20E25BE67E17B9467FA1DA01D6D1