The jetty-http-9.4.48.v20220622.jar package is used by IBM Cloud Pak for Data System 1.0. IBM Cloud Pak for Data System 1.0 has addressed the applicable CVE [CVE-2023-26049].
CVEID:CVE-2023-26049
**DESCRIPTION:**Eclipse Jetty could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw during nonstandard cookie parsing. By sending a specially crafted request to tamper with the cookie parsing mechanism, an attacker could exploit this vulnerability to obtain values from other cookies, and use this information to launch further attacks against the affected system.
CVSS Base score: 4.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253355 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Cloud Pak for Data System 1.0 | 1.0.0.0-1.0.8.1 |
IBM strongly recommends addressing the vulnerability now by upgrading to latest version.
Product | VRMF | Remediation/First Fix |
---|---|---|
IBM Cloud Pak for Data System 1.0 | 1.0.8.2 | Link to Fix Central |
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm cloud pak for data system | eq | 1.0 |