CVSS3: 5.3 Medium

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | LOW |

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

AI Score: 5.7 Medium (Confidence: High)

EPSS: 0.0005 Low (Percentile: 17.0%)
The B2B API of IBM Sterling B2B Integrator is vulnerable to denial of service due to json-path (CVE-2023-51074). IBM Sterling B2B Integrator has remediated this vulnerability. Follow the steps identified in the Remediation/Fixes section to address the vulnerability in your environment.
CVEID: CVE-2023-51074
**DESCRIPTION:** json-path is vulnerable to a denial of service, caused by a stack-based buffer overflow in the Criteria.parse method. By sending a specially crafted input, a remote attacker could exploit this vulnerability to cause an uncontrolled recursion, resulting in a denial of service condition.
CVSS Base score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/276174 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Affected Product(s) | Version(s) |
---|---|
IBM Sterling B2B Integrator | 6.2.0.0 - 6.2.0.1 |
IBM strongly recommends addressing the vulnerability now.
Product | Version | APAR | Remediation & Fix |
---|---|---|---|
IBM Sterling B2B Integrator | 6.2.0.0 - 6.2.0.1 | IT45707 | Apply B2BI 6.2.0.2 |
The IIM version of 6.2.0.2 is available on Fix Central.
The container version of 6.2.0.2 is available in IBM Entitled Registry.
None
CPE | Name | Operator | Version |
---|---|---|---|
 | ibm sterling b2b integrator | eq | 6.2. |