Lucene search

IbmCVELIST:CVE-2023-38737

HistoryAug 16, 2023 - 6:07 p.m.

CVE-2023-38737 IBM WebSphere Application Server Liberty denial of service

2023-08-1618:07:30

CWE-20

ibm

www.cve.org

ibm

websphere

application

server

denial of service

vulnerability

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

23.6%

JSON

IBM WebSphere Application Server Liberty 22.0.0.13 through 23.0.0.7 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 262567.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "WebSphere Application Server Liberty",
    "vendor": "IBM",
    "versions": [
      {
        "lessThanOrEqual": "23.0.0.7",
        "status": "affected",
        "version": "22.0.0.13",
        "versionType": "semver"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/262567

www.ibm.com/support/pages/node/7027509

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

23.6%

JSON

Related for CVELIST:CVE-2023-38737