.NET Agent is vulnerable to Newtonsoft.Json 12.0.1.22727.dll. This fix has upgraded Newtonsoft.Json from Newtonsoft.Json-12.0.1.22727.dll to Newtonsoft.Json.13.0.3
**IBM X-Force ID:**234366
**DESCRIPTION:**Newtonsoft.Json is vulnerable to a denial of service, caused by improper handling of StackOverFlow exception (SOE) whenever nested expressions are being processed. By sending specially-crafted requests, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/234366 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Product(s) | Version(s) |
---|---|
APM Agents for Monitoring | all |
.NET Agent release 8.1.4.0.20 (.NET Agent Version: 08.23.05.00)
Download the APM Advanced Agents installer from Passport Advantage. Please refer below link for download instructions:
https://www.ibm.com/docs/en/capmp/8.1.4?topic=advantage-part-numbers
Part Number : M0CLJML
Build Name : adv_agents_win_8.1.4.0.20.zip
None
CPE | Name | Operator | Version |
---|---|---|---|
tivoli composite application manager for microsoft applications | eq | 814020 |