Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistIbmCVELIST:CVE-2023-38264
HistoryMay 10, 2024 - 5:21 p.m.

CVE-2023-38264 IBM SDK, Java Technology Edition denial of service

2024-05-1017:21:51
CWE-502
ibm
www.cve.org
6
ibm
java technology
denial of service
vulnerability
deserialization filters
x-force id

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

5.7

Confidence

High

EPSS

0

Percentile

9.0%

JSON

The IBM SDK, Java Technology Edition’s Object Request Broker (ORB) 7.1.0.0 through 7.1.5.21 and 8.0.0.0 through 8.0.8.21 is vulnerable to a denial of service attack in some circumstances due to improper enforcement of the JEP 290 MaxRef and MaxDepth deserialization filters. IBM X-Force ID: 260578.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SDK, Java Technology Edition",
    "vendor": "IBM",
    "versions": [
      {
        "lessThanOrEqual": "7.1.5.21",
        "status": "affected",
        "version": "7.1.0.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "8.0.8.21",
        "status": "affected",
        "version": "8.0.0.0",
        "versionType": "semver"
      }
    ]
  }
]

Related

ibm 43
redhatcve 1
vulnrichment 1
redhat 3
nessus 7
cve 1
nvd 1
aix 1
openvas 2
ibm
ibm
Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM SDK, Java Technology Edition Quarterly CPU - Apr 2024 - Includes Oracle April 2024 CPU plus CVE-2023-38264
2024-08-14 09:00:59
Security Bulletin: Maximo Asset Management: IBM SDK, Java Technology Edition Quarterly CPU - Apr 2024 - Includes Oracle April 2024 CPU plus CVE-2023-38264
2024-05-31 14:39:53
Security Bulletin: IBM Integration Designer is vulnerable to a denial of service (CVE-2023-38264)
2024-05-17 20:57:35
redhatcve
redhatcve
CVE-2023-38264
2024-05-10 08:27:44
vulnrichment
vulnrichment
CVE-2023-38264 IBM SDK, Java Technology Edition denial of service
2024-05-10 17:21:51
redhat
redhat
(RHSA-2024:3685) Moderate: java-1.8.0-ibm security update
2024-06-06 13:10:06
(RHSA-2024:6595) Moderate: java-1.8.0-ibm security update
2024-09-11 13:33:23
(RHSA-2024:4160) Moderate: java-1.8.0-ibm security update
2024-06-27 09:43:49
nessus
nessus
CentOS 7 : java-1.8.0-ibm (RHSA-2024:4160)
2024-06-27 00:00:00
RHEL 7 : java-1.8.0-ibm (RHSA-2024:4160)
2024-06-27 00:00:00
RHEL 8 : java-1.8.0-ibm (RHSA-2024:3685)
2024-06-06 00:00:00
cve
cve
CVE-2023-38264
2024-05-14 13:21:29
nvd
nvd
CVE-2023-38264
2024-05-14 13:21:29
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2024-06-24 15:10:30
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2024:1859-1)
2024-08-20 00:00:00
openSUSE: Security Advisory for java (SUSE-SU-2024:1859-1)
2024-08-20 00:00:00

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

5.7

Confidence

High

EPSS

0

Percentile

9.0%

JSON
Related for CVELIST:CVE-2023-38264
ibm43redhatcve1vulnrichment1redhat3nessus7cve1nvd1aix1openvas2