Jun 30, 2023 - 1:47 p.m.

Security Bulletin: IBM Watson Explorer is affected by a vulnerability in IBM WebSphere Application Server Liberty (CVE-2023-24998)

2023-06-30 13:47:57
www.ibm.com
ibm watson explorer
ibm websphere application server liberty
denial of service
cve-2023-24998
upgrade fix.

CVSS3: 7.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.032
Percentile: 91.2%

Summary

IBM Watson Explorer contains a vulnerable version of IBM WebSphere Application Server Liberty.

Vulnerability Details

CVEID: CVE-2023-24998
DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by a failure to limit the number of request parts processed by the file upload function. By sending a specially crafted request with a series of uploads, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/247895 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

| Affected Product(s) | Version(s) |
|---|---|
| IBM Watson Explorer DAE oneWEX Components | 12.0.0.0, 12.0.0.1, 12.0.1, 12.0.2.0 - 12.0.2.2, 12.0.3.0 - 12.0.3.11 |
| IBM Watson Explorer DAE Analytical Components | 12.0.0.0, 12.0.0.1, 12.0.1, 12.0.2.0 - 12.0.2.2, 12.0.3.0 - 12.0.3.11 |
| IBM Watson Explorer DAE Foundational Components | 12.0.0.0, 12.0.0.1, 12.0.1, 12.0.2.0 - 12.0.2.2, 12.0.3.0 - 12.0.3.11 |
| IBM Watson Explorer Analytical Components | 11.0.0.0 - 11.0.0.3, 11.0.1, 11.0.2.0 - 11.0.2.15 |
| IBM Watson Explorer Foundational Components | 11.0.0.0 - 11.0.0.3, 11.0.1, 11.0.2.0 - 11.0.2.15 |

Remediation/Fixes

Affected Product: IBM Watson Explorer DAE oneWEX Components
Affected Versions: 12.0.0.0, 12.0.0.1, 12.0.1, 12.0.2.0 - 12.0.2.2, 12.0.3.0 - 12.0.3.11
Fix: Upgrade to Version 12.0.3.12.

See Watson Explorer Version 12.0.3.12 oneWEX for download information and instructions.

  1. If not already installed, install V12.0.3 Fix Pack 12 (see the Fix Pack download document).
  2. Download the package from Fix Central: Fix Pack 12.0.3.12-WS-WatsonExplorer-DAEOneWEX-FP012 and extract the contents of the fix into a temporary directory.
  3. See Updating WebSphere Liberty in IBM Watson Explorer oneWEX for detailed instructions on how to apply the fix.

Affected Product: IBM Watson Explorer DAE Analytical Components
Affected Versions: 12.0.0.0, 12.0.0.1, 12.0.1, 12.0.2.0 - 12.0.2.2, 12.0.3.0 - 12.0.3.11
Fix: Upgrade to Version 12.0.3.12.

See Watson Explorer Version 12.0.3.12 Analytical Components for download information and instructions.

  1. If not already installed, install V12.0.3 Fix Pack 12 (see the Fix Pack download document).
  2. Download the package from Fix Central: interim fix 12.0.3.12-WS-WatsonExplorer-DAEAnalytical-FP012 and extract the contents of the fix into a temporary directory.
  3. See Updating WebSphere Liberty in IBM Watson Explorer Analytical Components for detailed instructions on how to apply the fix.

Affected Product: IBM Watson Explorer DAE Foundational Components
Affected Versions: 12.0.0.0, 12.0.0.1, 12.0.1, 12.0.2.0 - 12.0.2.2, 12.0.3.0 - 12.0.3.11
Fix: Upgrade to Version 12.0.3.12.

See Watson Explorer Version 12.0.3.12 Foundational Components for download information and instructions.

  1. If not already installed, install V12.0.3 Fix Pack 12 (see the Fix Pack download document).
  2. Download the package from Fix Central: interim fix 12.0.3.12-WS-WatsonExplorer-DAEFoundational-FP012 and extract the contents of the fix into a temporary directory.
  3. See Updating WebSphere Liberty in IBM Watson Explorer Foundational Components for detailed instructions on how to apply the fix.

Affected Product: IBM Watson Explorer Analytical Components
Affected Versions: 11.0.0.0 - 11.0.0.3, 11.0.1, 11.0.2.0 - 11.0.2.15
Fix: Upgrade to Watson Explorer Analytical Components Version 11.0.2 Fix Pack 16. For information about this version, and links to the software and release notes, see the download document. For information about upgrading, see the upgrade procedures.

  1. If not already installed, install V11.0.2 Fix Pack 16 (see the Fix Pack download document).
  2. Download the package from Fix Central: interim fix 11.0.2.16-WS-WatsonExplorer-Analytical-FP016 and extract the contents of the fix into a temporary directory.
  3. See Updating WebSphere Liberty in IBM Watson Explorer Analytical Components for detailed instructions on how to apply the fix.

Affected Product: IBM Watson Explorer Foundational Components
Affected Versions: 11.0.0.0 - 11.0.0.3, 11.0.1, 11.0.2.0 - 11.0.2.15
Fix: Upgrade to Watson Explorer Foundational Components Version 11.0.2 Fix Pack 16. For information about this version, and links to the software and release notes, see the download document. For information about upgrading, see the upgrade procedures.

  1. If not already installed, install V11.0.2 Fix Pack 16 (see the Fix Pack download document).
  2. Download the package from Fix Central: interim fix 11.0.2.14-WS-WatsonExplorer-Foundational-FP0016 and extract the contents of the fix into a temporary directory.
  3. See Updating WebSphere Liberty in IBM Watson Explorer Foundational Components for detailed instructions on how to apply the fix.

Workarounds and Mitigations

None

Affected configurations

Vulners node:
ibm watson_explorer_analytical_components Match 11.0.0
OR
ibm watson_explorer_analytical_components Match 11.0.1
OR
ibm watson_explorer_analytical_components Match 11.0.2
OR
ibm watson_explorer_analytical_components Match 12.0.0
OR
ibm watson_explorer_analytical_components Match 12.0.1
OR
ibm watson_explorer_analytical_components Match 12.0.2
OR
ibm watson_explorer_analytical_components Match 12.0.3
