There are multiple vulnerabilities in Eclipse Jetty used by Rational Functional Tester. Rational Functional Tester has addressed the applicable CVEs.
**CVEID:** CVE-2023-36478
**DESCRIPTION:** Eclipse Jetty is vulnerable to a denial of service, caused by an integer overflow and buffer allocation in MetaDataBuilder.checkSize. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268413 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
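The class of bug named in the CVE-2023-36478 description, shown as an added Java illustration (not Jetty's or IBM's code): a size guard computed in 32-bit arithmetic beside a hardened form. The class and method names, the 4/3 scaling step, the 8192 limit and the sample values are assumptions constructed for the demonstration.

```java
// Added illustration: a simplified size guard, not Jetty's source code.
public class SizeCheckDemo {
    static final int MAX_SIZE = 8192; // assumed limit for this demo

    // Weak form: Java int arithmetic wraps silently, so a very large
    // length can become zero or negative and slip under the limit.
    static boolean acceptsUnsafe(int size, int length, boolean scaled) {
        if (scaled)
            length = (length * 4) / 3;      // 32-bit multiply may wrap
        return (size + length) <= MAX_SIZE; // 32-bit add may wrap
    }

    // Hardened form: reject negative inputs and compute in 64 bits,
    // where neither the multiply nor the add can wrap for int inputs.
    static boolean acceptsSafe(int size, int length, boolean scaled) {
        if (size < 0 || length < 0)
            return false;
        long needed = scaled ? ((long) length * 4) / 3 : length;
        return (long) size + needed <= MAX_SIZE;
    }

    public static void main(String[] args) {
        // Constructed inputs: {bytes already counted, declared length}
        int[][] cases = {
            {0, 100},               // small, within the limit
            {8000, 300},            // legitimately over the limit
            {0, 0x4000_0000},       // 2^30: times 4 wraps to 0
            {1, Integer.MAX_VALUE}  // 1 + MAX_VALUE wraps negative
        };
        for (int[] c : cases) {
            for (boolean scaled : new boolean[] {false, true}) {
                System.out.printf(
                    "size=%d length=%d scaled=%b unsafe=%b safe=%b%n",
                    c[0], c[1], scaled,
                    acceptsUnsafe(c[0], c[1], scaled),
                    acceptsSafe(c[0], c[1], scaled));
            }
        }
    }
}
```

Any row where `unsafe=true` and `safe=false` is a declared length that the wrapped 32-bit check lets through; the 64-bit check rejects it before a buffer is sized from it.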
**CVEID:** CVE-2023-44487
**DESCRIPTION:** Multiple vendors are vulnerable to a denial of service, caused by a flaw in handling multiplexed streams in the HTTP/2 protocol. By sending numerous HTTP/2 requests and RST_STREAM frames over multiple streams, a remote attacker could exploit this vulnerability to cause a denial of service due to server resource consumption.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268044 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Product(s) | Version(s) |
---|---|
Rational Functional Tester (RFT) | 9.5 |
Rational Functional Tester (RFT) | 10.0 |
Rational Functional Tester (RFT) | 10.1 |
Rational Functional Tester (RFT) | 10.2 |
Rational Functional Tester (RFT) | 10.5 |
The known CVEs are fixed in IBM DevOps Test UI 11.0.0. Upgrading to IBM DevOps Test UI 11.0.0 from earlier versions (when the product was known as IBM Rational Functional Tester) is highly recommended.
You can download the latest version from Passport Advantage.
None
CPE | Name | Operator | Version |
---|---|---|---|
 | ibm devops test ui | eq | 9.5 |
 | ibm devops test ui | eq | 10.5.4 |