Lucene search

K
ibmIBMF626B1C8DFCF6E27BABB7D9FEC40C88828FE8F0BBE4A01EE9B80C86023455567
HistoryJun 13, 2022 - 5:15 p.m.

Security Bulletin: IBM Sterling Control Center is vulnerable to a denial of service vulnerability due to Apache Xerces2 Java XML Parser (CVE-2022-23437)

2022-06-1317:15:01
www.ibm.com
5

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.005 Low

EPSS

Percentile

76.6%

Summary

Apache Xerces2 Java XML Parser is used by IBM Sterling Control Center. A denial of service vulnerability in Apache Xerces2 Java XML Parser has been addressed.

Vulnerability Details

CVEID:CVE-2022-23437
**DESCRIPTION:**Apache Xerces2 Java XML Parser is vulnerable to a denial of service, caused by an infinite loop in the XML parser. By persuading a victim to open a specially-crafted XML document payloads, a remote attacker could exploit this vulnerability to consume system resources for prolonged duration.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217982 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Sterling Control Center 6.2.1.0
IBM Sterling Control Center 6.2.0.0

Remediation/Fixes

Product

|

Version

|

Remediation

—|—|—

IBM Sterling Control Center

|

6.2.1.0

|

iFix07 available at Fix Central - 6.2.1.0

IBM Sterling Control Center

|

6.2.0.0

|

iFix07 available at Fix Central - 6.2.1.0

OR

iFix18 available on Fix Central - 6.2.0.0

NOTE: This is the last planned 6.2.0.0 iFix release package. Please plan for future Control Center upgrades to 6.2.1.0 iFix07 (or later).

Workarounds and Mitigations

None

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.005 Low

EPSS

Percentile

76.6%

Related for F626B1C8DFCF6E27BABB7D9FEC40C88828FE8F0BBE4A01EE9B80C86023455567