Integration News
IBM Sterling B2B Integrator is vulnerable to denial of service due to Apache Commons FileUpload
IBM Sterling B2B Integrator uses Apache Commons FileUpload.
Vulnerability Details
CVEID: CVE-2023-24998
Description: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the number of request parts to be processed in the file upload function. By sending a specially-crafted request with series of uploads, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: Click here.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Products and Versions
Remediation/Fixes
The IIM versions of 6.0.3.9, 6.1.0.8 and 6.1.2.3 are available on Fix Central. The IIM version of 6.2.0.0 is available on Passport Advantage.
The container version of 6.1.2.3 and 6.2.0.0 are available in IBM Entitled Registry.
Workarounds and Mitigations
None.
Click on the button below to download this newsletter in Pdf format.