Lucene search

K
ibmIBM30873CF80BE73E9C9D48E1EEF58C3E7A193F54DCD43BC7C53956AE7D3E89751E
HistoryJun 27, 2023 - 11:02 a.m.

Security Bulletin: Vulnerability in netplex json-smart affects IBM Process Mining . CVE-2023-1370

2023-06-2711:02:56
www.ibm.com
19
ibm process mining
netplex json-smart
denial of service
remote attacker
cve-2023-1370.

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

43.2%

Summary

There is a vulnerability in netplex json-smart that could allow a remote attacker to execute a denial of service on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability.

Vulnerability Details

CVEID:CVE-2023-1370
**DESCRIPTION:**netplex json-smart-v2 is vulnerable to a denial of service, caused by not limiting the nesting of arrays or objects. By sending a specially crafted input, a remote attacker could exploit this vulnerability to cause a stack exhaustion and crash the software.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/249885 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Process Mining 1.14.0, 1.13.2, 1.13.1, 1.13.0, 1.12.0.5, 1.12.0.4

Remediation/Fixes

Remediation/Fixes guidance:

Product(s) **Version(s) number and/or range ** Remediation/Fix/Instructions
IBM Process Mining

1.14.0, 1.13.2, 1.13.1, 1.13.0, 1.12.0.5, 1.12.0.4

|

Upgrade to version 1.14.1

1.Login to PassPortAdvantage

2. Search for
M0D0JML
Process Mining 1.14.1 Server Multiplatform Multilingual

3. Download package

4. Follow install instructions

5. Repeat for M0D0KML Process Mining 1.14.1 Client Windows Multilingual

| |

Workarounds and Mitigations

Workarounds/Mitigation guidance:

None known

Affected configurations

Vulners
Node
ibmcloud_pak_for_automationMatch1.14.0
OR
ibmcloud_pak_for_automationMatch1.13.2
OR
ibmcloud_pak_for_automationMatch1.13.1
OR
ibmcloud_pak_for_automationMatch1.13.0
OR
ibmcloud_pak_for_automationMatch1.12.0.5
OR
ibmcloud_pak_for_automationMatch1.12.0.4

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

43.2%