CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
64.9%
Operator of IBM Event Processing is vulnerable to an unauthorized endpoint access and possibly a denial of service. (CVE-2023-4853)
CVEID:CVE-2023-4853
**DESCRIPTION:**Quarkus could allow a remote attacker to bypass security restrictions, caused by improper sanitization of requests. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass the security policy altogether.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/266748 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM Event Processing | 1.0.0-1.0.3 |
IBM strongly recommends addressing the vulnerability now by upgrading
Upgrade to IBM Event Processing 1.0.4 by following the upgrading and migrating documentation.
None
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
64.9%