CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS
Percentile: 62.4%
Lightbend Spray spray-json is used by IBM Application Performance Management.
CVEID: CVE-2018-18854
**DESCRIPTION:** Lightbend Spray spray-json is vulnerable to a denial of service, caused by an error during the parsing of many JSON object fields. By sending a specially-crafted object, a remote attacker could exploit this vulnerability to consume all available resources.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/152330 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2018-18853
**DESCRIPTION:** Lightbend Spray spray-json is vulnerable to a denial of service, caused by an error during the parsing of a field composed of many decimal digits. By sending a specially-crafted object, a remote attacker could exploit this vulnerability to consume all available resources.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/152331 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2018-18855
**DESCRIPTION:** spray spray-json is vulnerable to a denial of service, caused by an uncontrolled recursion flaw in the JsonParser, which does not impose a configurable limit on the depth. A remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/234265 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
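The three flaws above map to three input properties a service can bound before untrusted JSON reaches a parser: nesting depth, length of a numeric token, and fields per object. The following pre-parse guard is an added example, not code from IBM or spray-json; the `Limits` thresholds and all names are assumptions, and it complements the vendor patch rather than replacing it.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Limits:
    # Assumed thresholds; tune them to what the service legitimately receives.
    max_depth: int = 64          # bounds recursion (CVE-2018-18855)
    max_number_chars: int = 32   # bounds numeric tokens (CVE-2018-18853)
    max_fields: int = 1000       # bounds fields per object (CVE-2018-18854)

NUMBER_CHARS = frozenset("0123456789+-.eE")

def check_json_limits(text: str, limits: Limits = Limits()) -> Optional[str]:
    """Single pass, no recursion. Returns None if within limits,
    otherwise the name of the first limit exceeded.
    This does not validate JSON syntax; the real parser still does that."""
    open_containers = []   # one field counter per open object/array
    in_string = escaped = False
    number_run = 0         # length of the current numeric-looking token
    for ch in text:
        if in_string:      # skip string contents, honouring backslash escapes
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_string = False
            continue
        if ch in NUMBER_CHARS:
            number_run += 1
            if number_run > limits.max_number_chars:
                return "max_number_chars"
            continue
        number_run = 0
        if ch == '"':
            in_string = True
        elif ch in "{[":
            open_containers.append(0)
            if len(open_containers) > limits.max_depth:
                return "max_depth"
        elif ch in "}]":
            if open_containers:
                open_containers.pop()
        elif ch == ":" and open_containers:   # one ':' per object field
            open_containers[-1] += 1
            if open_containers[-1] > limits.max_fields:
                return "max_fields"
    return None
```

Reject the request (for example with HTTP 400) when the function returns a limit name, and only pass the body to the JSON parser when it returns `None`.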
Affected Product(s) | Version(s) |
---|---|
IBM Cloud APM, Base Private | 8.1.4 |
IBM Cloud APM, Advanced Private | 8.1.4 |

Product | Version | Remediation |
---|---|---|
IBM Cloud Application Performance Management, Base Private; IBM Cloud Application Performance Management, Advanced Private | 8.1.4 | The vulnerability can be remediated by applying the following 8.1.4.0-IBM-APM-SERVER-IF0014 or later server patch to the system where the Cloud APM server is installed: <https://www.ibm.com/support/pages/node/7028410> |

None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | application_performance_management | 8.1.3 | cpe:2.3:a:ibm:application_performance_management:8.1.3:*:*:*:*:*:*:* |
ibm | application_performance_management | 8.1.4 | cpe:2.3:a:ibm:application_performance_management:8.1.4:*:*:*:*:*:*:* |