Lucene search

IBM24427E42D360EE9EF6793A0CE02917EBBA32D63D4F9276D71CAE716E4028F142

HistoryMar 27, 2024 - 3:46 p.m.

Security Bulletin: Denial of Service vulnerability in IBM HTTP Server used by WebSphere Application Server affects IBM Business Automation Workflow (CVE-2023-52425)

2024-03-2715:46:43

www.ibm.com

ibm

http server

denial of service

ibm business automation workflow

websphere application server

vulnerability

security bulletin

remediation

affected products

versions

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.1%

JSON

Summary

WebSphere Application Server Traditional is shipped as a component of IBM Business Automation Workflow. WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server (since 8.5.6), and User Management Service (since 18.0.0.1) in IBM Business Automation Workflow. Information about security vulnerabilities in IBM HTTP Server affecting IBM WebSphere Application Server Traditional and IBM WebSphere Application Server Liberty have been published.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s)	Version(s)	Status
IBM Business Automation Workflow traditional	V23.0.1 - V23.0.2
V22.0.1 - V22.0.2
V21.0.1 - V21.0.3.1
V20.0.0.1 - V20.0.0.2
V19.0.0.1 - V19.0.0.3
V18.0.0.0 - V18.0.0.1	affected
IBM Business Automation Workflow Enterprise Service Bus	V23.0.1 - V23.0.2
V22.0.2	affected

Remediation/Fixes

Please consult the Security Bulletin: IBM HTTP Server is vulnerable to a denial of service due to libexpat (CVE-2023-52425) for vulnerability details and information about fixes.

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmbusiness_automation_workflowMatch18.0.0.0

ibmbusiness_automation_workflowMatch18.0.0.1

ibmbusiness_automation_workflowMatch18.0.0.2

ibmbusiness_automation_workflowMatch19.0.0.1

ibmbusiness_automation_workflowMatch19.0.0.2

ibmbusiness_automation_workflowMatch19.0.0.3

ibmbusiness_automation_workflowMatch20.0.0.1

ibmbusiness_automation_workflowMatch20.0.0.2

ibmbusiness_automation_workflowMatch21.0.2

ibmbusiness_automation_workflowMatch21.0.3

ibmbusiness_automation_workflowMatch22.0.1

ibmbusiness_automation_workflowMatch22.0.2

ibmbusiness_automation_workflowMatch23.0.1

ibmbusiness_automation_workflowMatch23.0.2

CPENameOperatorVersion
ibm business automation workfloweq18.0.0.0
ibm business automation workfloweq18.0.0.1
ibm business automation workfloweq18.0.0.2
ibm business automation workfloweq19.0.0.1
ibm business automation workfloweq19.0.0.2
ibm business automation workfloweq19.0.0.3
ibm business automation workfloweq20.0.0.1
ibm business automation workfloweq20.0.0.2
ibm business automation workfloweq21.0.2
ibm business automation workfloweq21.0.3

Name	Operator	Version
ibm business automation workflow	eq	18.0.0.0
ibm business automation workflow	eq	18.0.0.1
ibm business automation workflow	eq	18.0.0.2
ibm business automation workflow	eq	19.0.0.1
ibm business automation workflow	eq	19.0.0.2
ibm business automation workflow	eq	19.0.0.3
ibm business automation workflow	eq	20.0.0.1
ibm business automation workflow	eq	20.0.0.2
ibm business automation workflow	eq	21.0.2
ibm business automation workflow	eq	21.0.3