Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM8A319DCF736DC4ED0F0F608D40732688FF1A6DF5BBB2673DD62E6D25B4FFCDB8
HistoryNov 22, 2023 - 5:59 a.m.

Security Bulletin: Fix for BIRT Report Engine that is vulnerable due to nested jtidy.jar r938

2023-11-2205:59:57
www.ibm.com
2
birt report engine
ibm devops model architect
vulnerability
jtidy.jar
out-of-bounds write error
denial of service
cve-2023-34623
cvss
remediation
workarounds

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.0%

JSON

Summary

BIRT report engine bundled in IBM DevOps Model Architect v1.0 is vulnerable as it has a nested jtidy.jar r938.

Vulnerability Details

CVEID:CVE-2023-34623
**DESCRIPTION:**jtidy is vulnerable to a denial of service, caused by an out-of-bounds write error. By using a specially crafted object that uses cyclic dependencies, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/258082 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM DevOps Model Architect (DMA) 1.0

Remediation/Fixes

1. Stop IBM DevOps Model Architect 1.0.

2. Download the attached zip file (org.eclipse.birt_.report.engine_4.11.0.202307042101.zip) and extract plugin org.eclipse.birt.report.engine_4.11.0.202307042101.jar into a temporary folder.

3. Goto <install_dir>/plugins/ folder

4. Replace the old plugin with the new plugin.

5. Start IBM DevOps Model Architect 1.0.

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmdevops_deployMatch1.0.0
CPENameOperatorVersion
ibm devops model architecteq1.0.0

Related

openvas 2
ubuntucve 1
cvelist 1
debiancve 1
ibm 1
nessus 5
nvd 1
amazon 1
prion 1
redhatcve 1
cve 1
redos 1
openvas
openvas
openSUSE: Security Advisory for jtidy (SUSE-SU-2023:3164-1)
2024-03-04 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:3016-1)
2023-07-31 00:00:00
ubuntucve
ubuntucve
CVE-2023-34623
2023-06-14 00:00:00
cvelist
cvelist
CVE-2023-34623
2023-06-14 00:00:00
debiancve
debiancve
CVE-2023-34623
2023-06-14 14:15:10
ibm
ibm
Security Bulletin: Denial of Service vulnerability affect IBM Business Automation Workflow - CVE-2023-34623
2024-02-22 09:45:26
nessus
nessus
SUSE SLES15 Security Update : jtidy (SUSE-SU-2023:3016-1)
2023-07-29 00:00:00
Amazon Linux 2 : jtidy (ALAS-2024-2461)
2024-02-19 00:00:00
SUSE SLES12 Security Update : jtidy (SUSE-SU-2023:3165-1)
2023-08-03 00:00:00
nvd
nvd
CVE-2023-34623
2023-06-14 14:15:10
amazon
amazon
Medium: jtidy
2024-02-15 03:52:00
prion
prion
Code injection
2023-06-14 14:15:00
redhatcve
redhatcve
CVE-2023-34623
2023-08-08 20:35:19
cve
cve
CVE-2023-34623
2023-06-14 14:15:10
redos
redos
ROS-20240606-05
2024-06-06 00:00:00

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.0%

JSON
Related for 8A319DCF736DC4ED0F0F608D40732688FF1A6DF5BBB2673DD62E6D25B4FFCDB8
openvas2ubuntucve1cvelist1debiancve1ibm1nessus5nvd1amazon1prion1redhatcve1cve1redos1