CVSS2: 8.5 High (AV:N/AC:M/Au:S/C:C/I:C/A:C)

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | SINGLE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |

CVSS3: 9.1 High (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | HIGH |
User Interaction | NONE |
Scope | CHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

EPSS: 0.05 Low (Percentile: 92.9%)

IBM Global Mailbox has addressed a remote code execution vulnerability in Apache Cassandra.
CVEID: CVE-2021-44521
**DESCRIPTION:** Apache Cassandra could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw when the configuration includes enable_user_defined_functions: true, enable_scripted_user_defined_functions: true, and enable_user_defined_functions_threads: false. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219451 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
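
A check for the configuration combination named in the description, as an added example (not part of IBM's bulletin or Apache's code). It assumes the three keys sit at the top level of cassandra.yaml with literal true/false values and that absent keys take stock Cassandra defaults; the function names and sample files are constructed for illustration.

```python
import re

# Keys named in the advisory, with the value Cassandra uses when a key is
# absent (assumption: stock defaults of the affected release lines).
DEFAULTS = {
    "enable_user_defined_functions": False,
    "enable_scripted_user_defined_functions": False,
    "enable_user_defined_functions_threads": True,
}
# Top-level "key: value" only; commented-out and indented lines do not match.
_KEY = re.compile(r"^([A-Za-z_]+)\s*:\s*([^#]*)")


def read_udf_settings(yaml_text):
    """Return the effective value of the three UDF keys in a cassandra.yaml."""
    settings = dict(DEFAULTS)
    for raw in yaml_text.splitlines():
        m = _KEY.match(raw)
        if not m or m.group(1) not in settings:
            continue
        value = m.group(2).strip().strip("'\"").lower()
        if value in ("true", "false"):  # other spellings keep the default
            settings[m.group(1)] = value == "true"
    return settings


def is_exposed(yaml_text):
    """True only for the combination the advisory describes."""
    s = read_udf_settings(yaml_text)
    return (s["enable_user_defined_functions"]
            and s["enable_scripted_user_defined_functions"]
            and not s["enable_user_defined_functions_threads"])


# Constructed sample files, not taken from any real deployment.
RISKY = """\
cluster_name: 'Test Cluster'
enable_user_defined_functions: true
enable_scripted_user_defined_functions: true
enable_user_defined_functions_threads: false  # UDF threads disabled
"""
STOCK = """\
# enable_user_defined_functions: true
enable_user_defined_functions: false
"""
THREADS_ON = """\
enable_user_defined_functions: true
enable_scripted_user_defined_functions: true
"""

if __name__ == "__main__":
    for name, text in (("RISKY", RISKY), ("STOCK", STOCK), ("THREADS_ON", THREADS_ON)):
        print(name, "exposed" if is_exposed(text) else "not exposed")
```
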
Affected Product(s) | Version(s) |
---|---|
IBM Sterling Global Mailbox | 6.1 |
IBM Sterling Global Mailbox | 6.0 |
Refer to the following security bulletins for vulnerability details and information about fixes addressed by Apache Zookeeper which is/are shipped with Global Mailbox.
Product and Version(s) | Version | Remediation |
---|---|---|
IBM Sterling Global Mailbox | 6.0, 6.1 | Apply fix pack 6.1.2.1. |
Fix Central Images
Sterling B2B Integrator
Sterling File Gateway
Certified Container
Certified Container edition images and Helm charts are now available for download from IBM Entitled Registry (ER) and IBM public chart repository, respectively.
IBM Sterling B2B Integrator V6.1.2.1
IBM Sterling File Gateway V6.1.2.1
None
CPE

Name | Operator | Version |
---|---|---|
ibm global high availability mailbox | eq | 6.1.2 |