IBM App Connect Enterprise & IBM Integration Bus are vulnerable to a denial of service due to zlib. The fix includes zlib 1.2.12.
CVEID: CVE-2018-25032
**DESCRIPTION:** Zlib is vulnerable to a denial of service, caused by a memory corruption in the deflate operation. By using many distant matches, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/222615 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM App Connect Enterprise | 12.0.0.0 - 12.0.5.0 |
IBM App Connect Enterprise | 11.0.0.0 - 11.0.0.18 |
IBM Integration Bus | 10.0.0.0 - 10.0.0.26 |
IBM strongly recommends addressing the vulnerability now by applying the appropriate fix to IBM App Connect Enterprise and IBM Integration Bus.
Product(s) | Version(s) | APAR | Remediation / Fix |
---|---|---|---|
IBM App Connect Enterprise | v12.0.1.0 - v12.0.5.0 | IT40714 | The APAR IT40714 is available in fix pack 12.0.6.0 (IBM App Connect Enterprise -12.0.6.0) |
IBM App Connect Enterprise | v11.0.0.0 - v11.0.0.18 | IT40714 | The APAR IT40714 is available in fix pack 11.0.0.19 (IBM App Connect Enterprise -11.0.0.19) |
IBM Integration Bus | v10.0.0.0 - v10.0.0.26 | IT40714 | Interim fix for APAR (IT40714) is available from IBM Fix Central - Interim fix available to apply to 10.0.0.26 |
None