NEWS 2024 T1 IBM Sterling B2B Integrator is vulnerable to denial of service due to Apache Commons FileUpload

Integration News

IBM Sterling B2B Integrator is vulnerable to denial of service due to Apache Commons FileUpload

IBM Sterling B2B Integrator uses Apache Commons FileUpload.

Vulnerability Details

CVEID: CVE-2023-24998

Description: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the number of request parts to be processed in the file upload function. By sending a specially-crafted request with series of uploads, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: Click here.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Remediation/Fixes

The IIM versions of 6.0.3.9, 6.1.0.8 and 6.1.2.3 are available on Fix Central. The IIM version of 6.2.0.0 is available on Passport Advantage.

The container version of 6.1.2.3 and 6.2.0.0 are available in IBM Entitled Registry.

Workarounds and Mitigations

None.

Click on the button below to download this newsletter in Pdf format.