IBM Event Streams is vulnerable to a a denial of service attack due to the jose4j component. The jose4j library is used in event streams for secure handling of JSON Web Tokens (JWTs), enabling encryption, decryption, and validation of tokens to ensure secure authentication and data integrity in event-driven applications.
CVEID:CVE-2023-51775
**DESCRIPTION:**jose4j is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted p2c value, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/275907 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM Event Streams | 11.3.0-11.3.2 |
IBM strongly recommends addressing the vulnerability now by upgrading
Upgrade to IBM Event Streams 11.4.0 by following the upgrading and migrating documentation.
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm event streams | ge | 11.3.0 | |
ibm event streams | le | 11.3.2 |