Security Bulletin: Vulnerability in snappy-java affects IBM Process Mining . CVE-2023-34453

Summary

There is a vulnerability in snappy-java that could allow a remote attacker to execute a denial of service. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability.

Vulnerability Details

CVEID:CVE-2023-34453
**DESCRIPTION:**snappy-java is vulnerable to a denial of service, caused by an integer overflow in the shuffle function. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/258186 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

1.14.1,1.14.0, 1.13.2, 1.13.1, 1.13.0

Remediation/Fixes

Remediation/Fixes guidance:

1.14.1,

1.14.0, 1.13.2, 1.13.1, 1.13.0

|

Upgrade to version 1.14.2

1.Login to PassPortAdvantage

2. Search for
M0FHQML
Process Mining 1.14.2 Server Multiplatform Multilingual

3. Download package

4. Follow install instructions

5. Repeat for M0FHRML Process Mining 1.14.2 Client Windows Multilingual

| |

Workarounds and Mitigations

Workarounds/Mitigation guidance:

None known