CVSS3 Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | LOW |
Availability Impact | HIGH |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H |
EPSS Percentile | 83.8% |
IBM Jazz for Service Management is affected by a publicly disclosed vulnerability in XStream. XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service, solely by manipulating the processed input stream. XStream is bundled with the activemq-all-5.16.4 jar.
CVEID: CVE-2022-41966
**DESCRIPTION:** XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow. By manipulating the processed input stream at unmarshalling time, a remote attacker could exploit this vulnerability to replace or inject objects and cause a denial of service.
CVSS Base score: 8.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/243448 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H)
Affected Product(s) | Version(s) |
---|---|
Jazz for Service Management | 1.1.3 |
Affected JazzSM Version | Recommended Fix |
---|---|
Jazz for Service Management versions 1.1.3.* | Remove the vulnerable XStream package from activemq-all-5.16.4.jar (steps below) |
The vulnerable XStream package needs to be removed from activemq-all-5.16.4.jar.
Follow the steps below to remove the XStream package:
1. Back up the existing activemq-all-xxx.jar located under <JazzSM_HOME>/profile/installedApps/JazzSMNode01Cell/isc.ear/
2. Remove the following files and folder belonging to the XStream package from activemq-all-5.16.4.jar:
- com.sun.istack.XMLStreamReaderToContentHandler.class
- com.sun.xml.bind.v2.runtime.output.StAXExStreamWriterOutput.class
- com.sun.xml.bind.v2.runtime.output.XMLStreamWriterOutput.class
- com.sun.xml.bind.v2.runtime.unmarshaller.StAXExConnector.class
- com.sun.xml.bind.v2.runtime.unmarshaller.StAXStreamConnector.class
- com.sun.xml.bind.v2.runtime.unmarshaller.StAXStreamConnector$1.class
- com.sun.xml.bind.v2.runtime.unmarshaller.UnmarshallerImpl.class
- org.apache.activemq.plugin.SubQueueSelectorCacheBroker$SubSelectorClassObjectInputStream.class
- org.apache.activemq.store.kahadb.MessageDatabase$MessageDatabaseObjectInputStream.class
- org.apache.activemq.transport.http.HttpTransportFactory.class
- org.apache.activemq.transport.http.HttpTransportServer.class
- org.apache.activemq.transport.http.HttpTunnelServlet.class
- org.apache.activemq.transport.stomp.JmsFrameTranslator.class
- org.apache.activemq.transport.stomp.JmsFrameTranslator$1.class
- org.apache.activemq.util.ClassLoadingAwareObjectInputStream.class
- org.apache.activemq.util.XStreamSupport.class
- org.apache.camel.builder.DataFormatClause.class
- org.apache.camel.model (folder)
3. Re-zip the jar and restart the server.
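Step 2 leaves the mechanics of editing the jar to the reader. The following Python is an added example, not IBM's tooling: it copies the jar to a new file without the entries listed above, returning what was dropped and what was kept so the result can be checked before the backup from step 1 is replaced. The jar built in demo() is a constructed stand-in with placeholder bytes, not the real activemq-all-5.16.4.jar.

```python
import tempfile, zipfile
from pathlib import Path
# Bulletin step-2 entries in its dotted form; the last is a package folder, not a class.
BULLETIN_ENTRIES = """
com.sun.istack.XMLStreamReaderToContentHandler.class
com.sun.xml.bind.v2.runtime.output.StAXExStreamWriterOutput.class
com.sun.xml.bind.v2.runtime.output.XMLStreamWriterOutput.class
com.sun.xml.bind.v2.runtime.unmarshaller.StAXExConnector.class
com.sun.xml.bind.v2.runtime.unmarshaller.StAXStreamConnector.class
com.sun.xml.bind.v2.runtime.unmarshaller.StAXStreamConnector$1.class
com.sun.xml.bind.v2.runtime.unmarshaller.UnmarshallerImpl.class
org.apache.activemq.plugin.SubQueueSelectorCacheBroker$SubSelectorClassObjectInputStream.class
org.apache.activemq.store.kahadb.MessageDatabase$MessageDatabaseObjectInputStream.class
org.apache.activemq.transport.http.HttpTransportFactory.class
org.apache.activemq.transport.http.HttpTransportServer.class
org.apache.activemq.transport.http.HttpTunnelServlet.class
org.apache.activemq.transport.stomp.JmsFrameTranslator.class
org.apache.activemq.transport.stomp.JmsFrameTranslator$1.class
org.apache.activemq.util.ClassLoadingAwareObjectInputStream.class
org.apache.activemq.util.XStreamSupport.class
org.apache.camel.builder.DataFormatClause.class
org.apache.camel.model
""".split()
def to_jar_path(entry):
    """Dotted bulletin entry -> zip entry name; a package folder becomes a '/' prefix."""
    if entry.endswith(".class"):
        return entry[:-6].replace(".", "/") + ".class"
    return entry.replace(".", "/") + "/"
def is_listed(name, targets):
    return any(name == t or (t.endswith("/") and name.startswith(t)) for t in targets)
def strip_jar(src, dst, entries=BULLETIN_ENTRIES):
    """Copy src to dst minus the listed entries; return (dropped, kept) entry names."""
    targets, dropped, kept = [to_jar_path(e) for e in entries], [], []
    with zipfile.ZipFile(src) as zin, zipfile.ZipFile(dst, "w", zipfile.ZIP_DEFLATED) as zout:
        for info in zin.infolist():
            if is_listed(info.filename, targets):
                dropped.append(info.filename)
            else:
                zout.writestr(info, zin.read(info.filename))  # keeps name and timestamp
                kept.append(info.filename)
    return dropped, kept
def demo():
    """Constructed stand-in for activemq-all-5.16.4.jar (three fake classes, hypothetical)."""
    with tempfile.TemporaryDirectory() as work:
        src, dst = Path(work, "activemq-all-5.16.4.jar"), Path(work, "fixed.jar")
        with zipfile.ZipFile(src, "w") as z:
            for n in ("org/apache/activemq/util/XStreamSupport.class",
                      "org/apache/camel/model/RouteDefinition.class",
                      "org/apache/activemq/broker/BrokerService.class"):
                z.writestr(n, b"\xca\xfe\xba\xbe")  # placeholder bytes, not real bytecode
        return strip_jar(src, dst)
```

On a real jar, compare the dropped list against the bulletin's entries and confirm the kept list still contains everything the application needs before copying the new jar over the original.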
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | jazz_for_service_management | 1.1.3 | cpe:2.3:a:ibm:jazz_for_service_management:1.1.3:*:*:*:*:*:*:* |