CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
99.8%
Sterling Control Center v6.2.1 is dependent on Apache ActiveMQ, which is vulnerable to CVE-2023-46604.
CVEID:CVE-2023-46604
**DESCRIPTION:**Apache ActiveMQ and ActiveMQ Legacy OpenWire Module could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the class types in the OpenWire protocol. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/269795 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM Control Center | 6.2.1 |
IBM Control Center | 6.3.0 |
Product
|
Version
|
Remediation
—|—|—
IBM Sterling Control Center
|
6.2.1.0 GA through iFix13
|
6.2.1.0 iFix13 Fix Central - 6.2.1.0
IBM Sterling Control Center
|
6.3.0.0 GA through iFix06
|
6.3.0.0 iFix06 Fix Central - 6.3.0.0
Note: We encourage our customers with EOS v6.1.3.0 and v6.3.0.0 to upgrade to the latest release as they will not be receiving security patches.
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | control_center | 6.2.1.0 | cpe:2.3:a:ibm:control_center:6.2.1.0:*:*:*:*:*:*:* |
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
99.8%