IBMEEC94380DB3A01E4EA2D1FAFA76A7B2579195CA06C2BA8E8D6A048ADA1847486Security Bulletin: Vulnerability in Hutool affects IBM Process Mining . CVE-2022-45688
0.001 Low
EPSS
Percentile
30.6%
Summary
There is a vulnerability in Hutool that could allow a remote attacker to execute a denial of service. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability.
Vulnerability Details
CVEID:CVE-2022-45688
**DESCRIPTION:**Hutool is vulnerable to a denial of service, caused by stack-based buffer overflow. By persuading a specially crafted request, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/242881 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Process Mining |
1.14.1,1.14.0, 1.13.2, 1.13.1, 1.13.0, 1.12.0.5, 1.12.0.4
Remediation/Fixes
Remediation/Fixes guidance:
| Product(s) | **Version(s) number and/or range ** | Remediation/Fix/Instructions |
|---|---|---|
| IBM Process Mining |
1.14.1,
1.14.0, 1.13.2, 1.13.1, 1.13.0, 1.12.0.5, 1.12.0.4
|
Upgrade to version 1.14.2
1.Login to PassPortAdvantage
2. Search for
M0FHQML
Process Mining 1.14.2 Server Multiplatform Multilingual
3. Download package
4. Follow install instructions
5. Repeat for M0FHRML Process Mining 1.14.2 Client Windows Multilingual
| |
Workarounds and Mitigations
Workarounds/Mitigation guidance:
None known
Related
0.001 Low
EPSS
Percentile
30.6%