Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMCF5C01D1EF9FDB7F59A180E6BEECBE60BDE0AD16E9EA6F2DE05F405BE407D7B4
HistoryJan 12, 2024 - 9:32 a.m.

Security Bulletin: Vulnerability of Newtonsoft.Json-12.0.1.22727.dll has afftected to .NET Agent

2024-01-1209:32:08
www.ibm.com
175
.net agent
newtonsoft.json
vulnerability
upgrade
apm agents
denial of service
ibm x-force
cvss
remediation
installer
passport advantage

6.9 Medium

AI Score

Confidence

High

JSON

Summary

.NET Agent is vulnerable to Newtonsoft.Json 12.0.1.22727.dll. This fix has upgraded Newtonsoft.Json from Newtonsoft.Json-12.0.1.22727.dll to Newtonsoft.Json.13.0.3

Vulnerability Details

**IBM X-Force ID:**234366
**DESCRIPTION:**Newtonsoft.Json is vulnerable to a denial of service, caused by improper handling of StackOverFlow exception (SOE) whenever nested expressions are being processed. By sending specially-crafted requests, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/234366 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
APM Agents for Monitoring all

Remediation/Fixes

.NET Agent release 8.1.4.0.20 (.NET Agent Version: 08.23.05.00)

Download the APM Advanced Agents installer from Passport Advantage. Please refer below link for download instructions:

https://www.ibm.com/docs/en/capmp/8.1.4?topic=advantage-part-numbers

Part Number : M0CLJML

Build Name : adv_agents_win_8.1.4.0.20.zip

Workarounds and Mitigations

None

6.9 Medium

AI Score

Confidence

High

JSON