Lucene search

K
ibmIBM0616E2FFF9B9EB2963CA55BB5998423E3020863C268671E3CD6F11A65D3B7332
HistoryAug 18, 2023 - 4:13 p.m.

Security Bulletin: netplex json-smart-v2 component is vulnerable to CVE-2023-1370 is used by IBM Maximo Application Suite

2023-08-1816:13:47
www.ibm.com
13
ibm maximo
netplex json-smart-v2
denial of service
cve-2023-1370
vulnerability
fixpack
8.9
8.10

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

40.0%

Summary

IBM Maximo Application Suite uses netplex json-smart-v2 package which is vulnerable to CVE-2023-1370.

Vulnerability Details

CVEID:CVE-2023-1370
**DESCRIPTION:**netplex json-smart-v2 is vulnerable to a denial of service, caused by not limiting the nesting of arrays or objects. By sending a specially crafted input, a remote attacker could exploit this vulnerability to cause a stack exhaustion and crash the software.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/249885 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Maximo Application Suite - IBM Asset Data Dictionary Component 8.9
IBM Maximo Application Suite - IBM Asset Data Dictionary Component 8.10

Remediation/Fixes

Affected Product(s) Fixpack Version(s)
IBM Maximo Application Suite - IBM Asset Data Dictionary Component 8.9.7 or the latest (available from the Catalog under Update Available)
IBM Maximo Application Suite - IBM Asset Data Dictionary Component 8.10.2 or the latest (available from the Catalog under Update Available)

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmmaximo_application_suiteMatch8.9
OR
ibmmaximo_application_suiteMatch8.10

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

40.0%