IBM6F562450E8F2A37A392D5521D38E47C11F869BE0D2B51714831BB0992BD243CASecurity Bulletin: Fasterxml jackson-databind vulnerability affect IBM Spectrum Control
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
Summary
Fasterxml jackson-databind is vulnerable to a denial of service. This vulnerability affect IBM Spectrum Control. CVE-2023-35116.
Vulnerability Details
CVEID:CVE-2023-35116
**DESCRIPTION:**Fasterxml jackson-databind is vulnerable to a denial of service, caused by a stack-based overflow. By persuading a victim to open a specially crafted content, a remote attacker could exploit this vulnerability to cause a denial of service. Note: The vendor disputes the vulnerability because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/258157 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Spectrum Control | 5.4.0 - 5.4.11 |
Remediation/Fixes
| Release | First Fixing VRM Level | ** Link to Fix** |
|---|---|---|
| 5.4 | 5.4.12 | <https://www.ibm.com/support/pages/latest-downloads-ibm-spectrum-control> |
Workarounds and Mitigations
None
Affected configurations
Related
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High