Jan 11, 2024 - 8:15 p.m.

Security Bulletin: IBM Match 360 is vulnerable to a denial of service of GraphQL Java within IBM WebSphere Application Server Liberty (CVE-2023-28867)

2024-01-11 20:15:20
www.ibm.com
ibm match 360, denial of service, graphql java, ibm websphere, buffer overflow, cve-2023-28867, icp - ibm match 360, upgrade

CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score: 6.9 Medium (Confidence: High)
EPSS: 0.001 Low (Percentile: 41.3%)

Summary

IBM Match 360 is vulnerable to a denial of service of GraphQL Java within IBM WebSphere Application Server Liberty. GraphQL Java is vulnerable to a denial of service, caused by a stack-based buffer overflow. By sending a specially crafted GraphQL query, a remote attacker could exploit this vulnerability to cause a stack consumption.

Vulnerability Details

CVEID: CVE-2023-28867
DESCRIPTION: GraphQL Java is vulnerable to a denial of service, caused by a stack-based buffer overflow. By sending a specially crafted GraphQL query, a remote attacker could exploit this vulnerability to cause a stack consumption.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/251003 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s): ICP - IBM Match 360
Version(s): All

Remediation/Fixes

Upgrade to Match 360 4.7.4 or higher

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmcloud_pak_for_dataMatch4.
OR
ibmcloud_pak_for_dataMatch.
