Security Bulletin: Windows TCP/IP Denial of Service Vulnerability affect Cloud Pak System [CVE-2023-36602]

Summary

Windows TCP/IP Denial of Service Vulnerability affect Cloud Pak System.

Vulnerability Details

CVEID:CVE-2023-36602
**DESCRIPTION:**Microsoft Windows is vulnerable to a denial of service, caused by a flaw in the TCP/IP component. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/267833 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Remediation/Fixes

For unsupported or end of life release recommendation is to upgrade to supported fixed release of the product.

TCP IP Denial of Service vulnerability found in Windows . Cloud Pak System in response to this vulnerability update Windows server image to Windows 2012 Server standard edition patch KB5031407.

The severity is important IBM strongly recommends addressing the vulnerability now by upgrading to IBM Cloud Pak System v2.3.3.6 Interim Fix2.

For IBM Cloud Pak System v2.3.3.0, v.2.3.3.1, v.2.3.3.2, v.2.3.3.3, v2.3.3.3 iFix 1, v2.3.3.4, v2.3.3.5, v2.3.3.6
upgrade to IBM Cloud Pak System v2.3.3.6 Interim Fix1, apply IBM Cloud Pak System v2.3.3.6 Interim Fix 2 at Fix Central.
information on upgrading here <https://www.ibm.com/support/pages/node/7017280&gt;

For IBM Cloud Pak System V2.3.3.6 Interim Fix 1,
Apply Cloud Pak System V2.3.3.6 Interim Fix 2 at Fix Central
information on upgrading available at <http://www.ibm.com/support/docview.wss?uid=ibm10887959&gt;

Workarounds and Mitigations

None