CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
Sterling Control Center v6.2.1 is dependent on Apache ActiveMQ, which is vulnerable to CVE-2022-41678.
CVEID:CVE-2022-41678
**DESCRIPTION:**Apache ActiveMQ could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the Jolokia component. By sending specially crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/272445 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM Control Center | 6.2.1 |
Product
|
Version
|
Remediation
—|—|—
IBM Sterling Control Center
|
6.2.1.0 GA through iFix13
|
6.2.1.0 iFix13 Fix Central - 6.2.1.0
Note: We encourage our customers with EOS v6.1.3.0 and v6.3.0.0 to upgrade to the latest release as they will not be receiving security patches.
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | control_center | 6.2.1.0 | cpe:2.3:a:ibm:control_center:6.2.1.0:*:*:*:*:*:*:* |
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High