Oct 04, 2023 - 8:29 a.m.

Security Bulletin: Vulnerability in jna-platform library affects IBM Engineering Lifecycle Optimization - Publishing

2023-10-04 08:29:48
www.ibm.com

Summary

This security vulnerability has been addressed in newer releases of IBM Engineering Lifecycle Optimization - Publishing.

Vulnerability Details

**IBM X-Force ID:** 240628
**DESCRIPTION:** Java Native Access (JNA) is vulnerable to a denial of service, caused by an out-of-bounds read flaw in the Advapi32Util.registryGetValues function. By persuading a victim to open specially crafted content, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/240628 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| PUB | 7.0.1 |
| PUB | 7.0.2 |

Remediation/Fixes

| Product | Version(s) | How to remediate? |
| --- | --- | --- |
| IBM Engineering Lifecycle Optimization - Publishing | 7.0.1 | The vulnerability can be remediated by applying the following PUB 7.0.1 iFix023 or later iFixes |
| IBM Engineering Lifecycle Optimization - Publishing | 7.0.2 | The vulnerability can be remediated by applying the following PUB 7.0.2 iFix025 or later iFixes |

Workarounds and Mitigations

None

Affected configurations

Vulners node:
ibm engineering_lifecycle_optimization_-_publishing, match 7.0.1
OR
ibm engineering_lifecycle_optimization_-_publishing, match 7.0.2