Lucene search

K
ibmIBMF0724B3A07EDFBE8BF858B3835F24951F3E2D45ED803AC17753BAF29F3496A76
HistoryFeb 20, 2020 - 7:54 p.m.

Security Bulletin: IBM API Connect V5 is impacted by a denial of service vulnerability in Linux kernel (CVE-2019-11477)

2020-02-2019:54:09
www.ibm.com
9

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.972 High

EPSS

Percentile

99.8%

Summary

IBM API Connect has addressed the following vulnerability.

Vulnerability Details

CVEID:CVE-2019-11477
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by an integer overflow when processing TCP Selective Acknowledgement (SACK) capabilities. By sending specially-crafted SACKs requests, a remote attacker could exploit this vulnerability to cause a kernel panic condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/162662 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM API Connect 5.0.0.0-5.0.8.7

Remediation/Fixes

Affected Product Addressed in VRMF APAR Remediation/First Fix

IBM API Connect

V5.0.0.0-5.0.8.7

| V5.0.8.7-ifix3 |

LI81361

|

Addressed in IBM API Connect V5.0.8.7 iFix released on January 26, 2020 or later.

Management server is impacted.

Follow this link and find the β€œManagement” package appropriate for your installation.

http://www.ibm.com/support/fixcentral/swg/quickorder

Workarounds and Mitigations

None

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.972 High

EPSS

Percentile

99.8%