CVSS3: 7.5 High (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |

CVSS2: 5 Medium (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |

EPSS: 0.002 Low (Percentile: 53.8%)

GraphQL has a Denial of Service security vulnerability CVE-2022-37734 in GraphQL-java
**CVEID:** CVE-2022-37734
**DESCRIPTION:** GraphQL Java is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw. By sending a specially-crafted request using Directive overloading, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/235781 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
To resolve these vulnerabilities, install one of the patch sets listed below to upgrade graphql-java.
Affected Product(s) | Version(s) |
---|---|
FileNet Content Manager | 5.5.8.0 |
FileNet Content Manager | 5.5.9.0 |
To resolve these vulnerabilities, install one of the patch sets listed below to upgrade graphql-java.
Product | VRMF | APAR | Remediation/First Fix |
---|---|---|---|
FileNet Content Manager | 5.5.8.0 | PJ46912 | 5.5.8.0-P8GQL-IF003 - 11/30/2022 |
FileNet Content Manager | 5.5.9.0 | PJ46912 | [5.5.9.0-P8GQL-IF001](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=FileNet Product Family&product=ibm/Information+Management/IBM+FileNet+Content+Services+GraphQL+API&release=5.5.9.0&platform=All&function=all>) - 10/26/2022 |
In the above table, the APAR links will provide more information about the fix.
None
CPE:

Name | Operator | Version |
---|---|---|
filenet content manager | eq | 5.5.8 |
filenet content manager | eq | 5.5.9 |