Lucene search

IBM2EA421398B12BE9C03C39D8B241F65D205A5F837E12ABCA7E7791EFB5D4D74FD

HistoryFeb 28, 2023 - 8:20 a.m.

Security Bulletin: Denial of Service vulnerability in IBM HTTP Server used by WebSphere Application Server affects IBM Business Automation Workflow (CVE-2023-26281)

2023-02-2808:20:43

www.ibm.com

ibm business automation workflow

ibm http server

denial of service

cve-2023-26281

security bulletin

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

45.6%

JSON

Summary

WebSphere Application Server Traditional is shipped as a component of IBM Business Automation Workflow. WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server (since 8.5.6), and User Management Service (since 18.0.0.1) in IBM Business Automation Workflow. Information about security vulnerabilities in IBM HTTP Server affecting IBM WebSphere Application Server Traditional and IBM WebSphere Application Server Liberty have been published.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s)	Version(s)	Status
IBM Business Automation Workflow traditional	V22.0.1 - V22.0.2
V21.0.1 - V21.0.3.1
V20.0.0.1 - V20.0.0.2
V19.0.0.1 - V19.0.0.3
earlier unsupported versions	affected
IBM Business Automation Workflow containers	V22.0.1 - V22.0.2
V21.0.1 - V21.0.3
V20.0.0.1 - V20.0.0.2	not affected

Remediation/Fixes

Please consult the Security Bulletin: IBM HTTP Server is vulnerable to a denial of service (CVE-2023-26281) for vulnerability details and information about fixes.

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmbusiness_process_manager_enterprise_service_busMatch8.6.0.0

ibmbusiness_automation_workflowMatch18.0.0.0

ibmbusiness_automation_workflowMatch18.0.0.1

ibmbusiness_automation_workflowMatch18.0.0.2

ibmbusiness_automation_workflowMatch19.0.0.1

ibmbusiness_automation_workflowMatch19.0.0.2

ibmbusiness_automation_workflowMatch19.0.0.3

ibmbusiness_automation_workflowMatch20.0.0.1

ibmbusiness_automation_workflowMatch20.0.0.2

ibmbusiness_automation_workflowMatch21.0.2

ibmbusiness_automation_workflowMatch21.0.3

ibmbusiness_automation_workflowMatch22.0.1

ibmbusiness_automation_workflowMatch22.0.2

CPENameOperatorVersion
ibm business process manager enterprise service buseq8.6.0.0
ibm business automation workfloweq18.0.0.0
ibm business automation workfloweq18.0.0.1
ibm business automation workfloweq18.0.0.2
ibm business automation workfloweq19.0.0.1
ibm business automation workfloweq19.0.0.2
ibm business automation workfloweq19.0.0.3
ibm business automation workfloweq20.0.0.1
ibm business automation workfloweq20.0.0.2
ibm business automation workfloweq21.0.2

Name	Operator	Version
ibm business process manager enterprise service bus	eq	8.6.0.0
ibm business automation workflow	eq	18.0.0.0
ibm business automation workflow	eq	18.0.0.1
ibm business automation workflow	eq	18.0.0.2
ibm business automation workflow	eq	19.0.0.1
ibm business automation workflow	eq	19.0.0.2
ibm business automation workflow	eq	19.0.0.3
ibm business automation workflow	eq	20.0.0.1
ibm business automation workflow	eq	20.0.0.2
ibm business automation workflow	eq	21.0.2