Lucene search

IBM90B9B1E7ACA917E09217D9BB58DE0D87516AE9A32E043E64565D8605C3A27621

HistoryOct 24, 2023 - 3:13 p.m.

Security Bulletin: IBM Integration Bus is vulnerable to a remote attacker due to Apache Tomcat

2023-10-2415:13:38

www.ibm.com

ibm integration bus

remote attacker vulnerability

apache tomcat

cve-2023-41080

open redirect

phishing attacks

cvss base score 6.5

it44531

ibm app connect enterprise v10.1 - fix pack 10.1.0.2

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.002 Low

EPSS

Percentile

64.7%

JSON

Summary

IBM Integration Bus is vulnerable to a remote attacker due to Apache Tomcat (CVE-2023-41080).

Vulnerability Details

CVEID:CVE-2023-41080
**DESCRIPTION:**Apache Tomcat could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in the FORM authentication feature. An attacker could exploit this vulnerability using a specially crafted URL to redirect a victim to arbitrary Web sites.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/264483 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Integration Bus	10.1 - 10.1.0.1

Remediation/Fixes

IBM strongly recommends addressing the vulnerability/vulnerabilities now by applying the appropriate fix to****IBM Integration Bus

Product(s)	Version(s)	APAR	Remediation / Fix
IBM Integration Bus	10.1 - 10.1.0.1	IT44531

The APAR (IT44531) is available from

IBM App Connect Enterprise v10.1 - Fix Pack 10.1.0.2

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmintegration_busRange10.1≥

ibmintegration_busRange≤10.1.0.1

CPENameOperatorVersion
ibm integration busge10.1
ibm integration busle10.1.0.1

CPE	Name	Operator	Version
	ibm integration bus	ge	10.1
	ibm integration bus	le	10.1.0.1

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.002 Low

EPSS

Percentile

64.7%

JSON

Related for 90B9B1E7ACA917E09217D9BB58DE0D87516AE9A32E043E64565D8605C3A27621