Lucene search
IBM19BA09FCB9E5F45D7ABCD62A40B6F737067124D91D060048CCF5304331714E84HistoryJul 01, 2024 - 6:00 a.m.
Security Bulletin: Denial of service caused by jose4j in IBM WebSphere Application Server Liberty may affect IBM Storage Protect Operations Center
2024-07-0106:00:14
www.ibm.com
2
ibm storage protect operations center
denial of service
jose4j
vulnerability
ibm websphere application server liberty
cve-2023-51775
input validation
remote attacker
cvss base score 7.5
aix
linux
windows
fix
ibm support pages
Summary
IBM Storage Protect Operations Center may be affected by denial of service caused by jose4j in IBM WebSphere Application Server Liberty. CVE-2023-51775.
Vulnerability Details
CVEID:CVE-2023-51775
**DESCRIPTION:**jose4j is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted p2c value, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/275907 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Storage Protect Operations Center | 8.1.0.000 - 8.1.22.xxx |
Remediation/Fixes
| Affected Versions | Fixing Level | Platform | Link to Fix and Instructions |
|---|---|---|---|
| 8.1.0.000 - 8.1.22.xxx | 8.1.23 | AIX, Linux, Windows | <https://www.ibm.com/support/pages/node/588021> |
Workarounds and Mitigations
None
Affected configurations
Node
ibmstorage_protectMatch8.1
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm storage protect | eq | 8.1 |
Related
nessus
nessus
SUSE SLES15 Security Update : SUSE Manager Server 4.3 (SUSE-SU-2024:1532-1)
2024-05-07 00:00:00
IBM WebSphere Application Server 8.5.5.3 < 8.5.5.26 / 9.x < 9.0.5.20 / Liberty 21.0.0.3 < 24.0.0.4 DoS (7145942)
2024-04-04 00:00:00
SUSE SLES15 Security Update : SUSE Manager Server 4.3 (SUSE-SU-2024:1507-1)
2024-05-07 00:00:00
ibm
ibm
Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to a denial of service due to jose4j (CVE-2023-51775)
2024-04-04 16:54:13
osv
osv
CVE-2023-51775
2024-02-29 01:42:05
jose4j denial of service via specifically crafted JWE
2024-02-29 03:33:14
cvelist
cvelist
CVE-2023-51775
2023-12-25 00:00:00
debiancve
debiancve
CVE-2023-51775
2024-02-29 01:42:05
prion
prion
Design/Logic Flaw
2024-02-29 01:42:00
cgr
cgr
CVE-2023-51775 vulnerabilities
2024-05-19 03:07:16
ubuntucve
ubuntucve
CVE-2023-51775
2024-02-29 00:00:00
wolfi
wolfi
CVE-2023-51775 vulnerabilities
2024-05-29 03:07:31
nvd
nvd
CVE-2023-51775
2024-02-29 01:42:05
veracode
veracode
Denial Of Service (DoS)
2024-03-05 06:37:59
github
github
jose4j denial of service via specifically crafted JWE
2024-02-29 03:33:14
cve
cve
CVE-2023-51775
2024-02-29 01:42:05
redhatcve
redhatcve
CVE-2023-51775
2024-02-29 09:03:19
redhat
redhat
oracle
oracle
Oracle Critical Patch Update Advisory - April 2024
2024-04-16 00:00:00
6.5 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.2%
Related for 19BA09FCB9E5F45D7ABCD62A40B6F737067124D91D060048CCF5304331714E84