Lucene search
IBMF64049D846F95697C907A331FB8BF4E887531D1D35CA9D0B5C14C442E021B966HistoryMar 12, 2024 - 5:33 p.m.
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to denial of service due to Hutool (CVE-2022-45688)
2024-03-1217:33:14
www.ibm.com
6
ibm sterling partner engagement manager
denial of service
hutool
vulnerability
upgrade
buffer overflow
Summary
IBM Sterling Partner Engagement Manager uses Hutool. This bulletin identifies the steps to take to address the vulnerability.
Vulnerability Details
CVEID:CVE-2022-45688
**DESCRIPTION:**Hutool is vulnerable to a denial of service, caused by stack-based buffer overflow. By persuading a specially crafted request, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/242881 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Sterling Partner Engagement Manager | 6.2.2 |
| IBM Sterling Partner Engagement Manager | 6.1.2 |
| IBM Sterling Partner Engagement Manager | 6.2.0 |
Remediation/Fixes
IBM strongly recommends addressing the vulnerability now by upgrading …
| Product | Version | Remediation |
|---|---|---|
| IBM Sterling Partner Engagement Manager Essentials Edition | 6.2.2.2 | Link |
| IBM Sterling Partner Engagement Manager Standard Edition | 6.2.2.2 | Link |
| IBM Sterling Partner Engagement Manager Essentials Edition | 6.1.2.9 | Link |
| IBM Sterling Partner Engagement Manager Standard Edition | 6.1.2.9 | Link |
| IBM Sterling Partner Engagement Manager Essentials Edition | 6.2.0.7 | Link |
| IBM Sterling Partner Engagement Manager Standard Edition | 6.2.0.7 | Link |
Workarounds and Mitigations
None
CPE configuration
ibmmulti\-enterprise_integration_gatewayMatch6.2.2.2
ORibmmulti\-enterprise_integration_gatewayMatch6.1.2.9
ORibmmulti\-enterprise_integration_gatewayMatch6.2.0.7
Related
gitlab
gitlab
hutool-json stack overflow vulnerability
2022-12-13 00:00:00
atlassian
atlassian
DoS (Denial of Service) org.json:json Dependency in Jira Software Data Center and Server
2024-02-14 10:45:52
hutool-json Vulnerability in Bitbucket Data Center and Server
2023-10-04 19:45:14
veracode
veracode
Denial Of Service (DoS)
2022-12-14 05:26:26
broadcom
broadcom
ibm
ibm
prion
prion
Stack overflow
2022-12-13 15:15:00
osv
osv
json stack overflow vulnerability
2022-12-13 15:30:26
CVE-2022-45688
2022-12-13 15:15:11
cvelist
cvelist
CVE-2022-45688
2022-12-13 00:00:00
github
github
json stack overflow vulnerability
2022-12-13 15:30:26
cve
cve
CVE-2022-45688
2022-12-13 15:15:11
nessus
nessus
Oracle Business Process Management Suite (Oct 2023 CPU)
2023-11-17 00:00:00
Oracle Primavera Gateway (October 2023 CPU)
2023-10-18 00:00:00
Oracle Java SE Multiple Vulnerabilities (July 2023 CPU)
2023-07-19 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2023
2023-10-17 00:00:00
Oracle Critical Patch Update Advisory - July 2023
2023-07-18 00:00:00
Oracle Critical Patch Update Advisory - April 2024
2024-04-16 00:00:00
6.8 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
30.6%
Related for F64049D846F95697C907A331FB8BF4E887531D1D35CA9D0B5C14C442E021B966