Security Bulletin: The IBM® Engineering Lifecycle Engineering product using WebSphere Application Server Liberty is vulnerable to denial of service (CVE-2023-38737)

Published: 2023-09-04 06:54:25
Source: www.ibm.com

Tags: ibm, engineering lifecycle, websphere application server liberty, denial of service, vulnerability, restfulws-3.0, restfulws-3.1, exploit, memory resources, affected versions, security bulletin

CVSS3 base score: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.001 Low (percentile 23.6%)

Summary

IBM WebSphere Application Server Liberty is vulnerable to a denial of service when the restfulWS-3.0 or restfulWS-3.1 feature is enabled. The following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack; the issue is addressed in this bulletin: IBM Engineering Test Management, IBM Engineering Workflow Management, IBM Engineering Requirements Management DOORS Next.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section.

Affected Products and Versions

Affected Product(s)                                 Version(s)
IBM Engineering Workflow Management                 7.0.1
IBM Engineering Requirements Management DOORS Next  7.0.1
IBM Engineering Test Management                     7.0.1
IBM Engineering Workflow Management                 7.0.2
IBM Engineering Test Management                     7.0.2
IBM Engineering Requirements Management DOORS Next  7.0.2
IBM Engineering Workflow Management                 7.0.3

Remediation/Fixes

By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the server to consume memory resources and this could lead to a denial of service.

Features affected: restfulWS-3.0 and restfulWS-3.1

This affects WebSphere Application Server Liberty versions 22.0.0.13 through 23.0.0.7.

If any of the affected products listed above is deployed on one of these Liberty versions, follow the instructions given in the following article.

Link: <https://www.ibm.com/support/pages/node/7027509>
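The bulletin scopes exposure by two conditions: the Liberty runtime version must fall in 22.0.0.13 through 23.0.0.7, and the restfulWS-3.0 or restfulWS-3.1 feature must be enabled. The following Python script is an added example, not code from IBM or from this bulletin, that checks both conditions so an administrator can triage a fleet of Liberty servers before applying the fix. It assumes features are declared in server.xml under featureManager/feature (Liberty's documented layout) and that the version string is taken from the output of the runtime's productInfo version command; the two server.xml documents embedded below are constructed samples.

```python
"""Added example (not IBM's or the bulletin's code): flag WebSphere Liberty
servers that are in scope for this bulletin, i.e. that run an affected
Liberty version (22.0.0.13 - 23.0.0.7) AND enable restfulWS-3.0 or
restfulWS-3.1 in server.xml."""
import xml.etree.ElementTree as ET

# Feature names and version range exactly as stated in the bulletin.
AFFECTED_FEATURES = {"restfulws-3.0", "restfulws-3.1"}
AFFECTED_MIN = (22, 0, 0, 13)
AFFECTED_MAX = (23, 0, 0, 7)

# Constructed sample server.xml files (not taken from any real deployment).
VULNERABLE_SERVER_XML = """<server description="constructed sample">
  <featureManager>
    <feature>restfulWS-3.1</feature>
    <feature>servlet-6.0</feature>
  </featureManager>
  <httpEndpoint id="defaultHttpEndpoint" httpPort="9080"/>
</server>"""

SAFE_SERVER_XML = """<server description="constructed sample">
  <featureManager>
    <feature>servlet-6.0</feature>
    <feature>jsp-2.3</feature>
  </featureManager>
</server>"""


def parse_version(text):
    """Turn a dotted Liberty fix-pack version such as '23.0.0.7' into a
    tuple of ints so that ranges compare numerically, not lexically
    (a string compare would put '23.0.0.10' before '23.0.0.7')."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised Liberty version: {text!r}")
    return tuple(int(p) for p in parts)


def version_is_affected(version):
    """True when the version lies inside the bulletin's affected range."""
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX


def enabled_features(server_xml):
    """Collect <featureManager><feature> entries. Names are lower-cased so
    the comparison does not depend on how the feature was capitalised."""
    root = ET.fromstring(server_xml)
    found = set()
    for manager in root.iter("featureManager"):
        for feature in manager.findall("feature"):
            if feature.text:
                found.add(feature.text.strip().lower())
    return found


def assess(server_xml, version):
    """Combine both conditions: a server is exposed only when an affected
    feature is enabled AND the runtime version is in the affected range."""
    features = sorted(enabled_features(server_xml) & AFFECTED_FEATURES)
    in_range = version_is_affected(version)
    return {
        "affected_features": features,
        "version_in_range": in_range,
        "exposed": bool(features) and in_range,
    }


if __name__ == "__main__":
    # Version strings here are constructed; in practice take them from the
    # runtime's `productInfo version` output (assumption of this example).
    for name, xml, ver in [("vulnerable", VULNERABLE_SERVER_XML, "23.0.0.6"),
                           ("safe-feature", SAFE_SERVER_XML, "23.0.0.6"),
                           ("safe-version", VULNERABLE_SERVER_XML, "23.0.0.8")]:
        print(name, assess(xml, ver))
```

Two caveats when using this against real servers: the script reads only the one server.xml document it is given, so features pulled in through include elements or configDropins directories are not seen, and a feature can also be enabled transitively by another feature that depends on it. Treat a negative result from the feature check as "not declared here", not as proof the feature is off; the version check is the authoritative part, and any server in the affected range should be updated per the linked article regardless.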

Workarounds and Mitigations

None

Affected configurations (Vulners node)

ibm ibm_engineering_lifecycle_management_base, version match 6.0.6
OR ibm ibm_engineering_lifecycle_management_base, version match 6.0.6.1
OR ibm ibm_engineering_lifecycle_management_base, version match 7.0
OR ibm ibm_engineering_lifecycle_management_base, version match 7.0.1
OR ibm ibm_engineering_lifecycle_management_base, version match 7.0.2
