Lucene search

K
ibmIBM9503F2EC4A9AA2AFF160801AC0C66F0689BBD52091584DDCFE34A7E3DCB1954D
HistoryApr 25, 2024 - 5:18 a.m.

Security Bulletin: IBM Event Processing is vulnerable to a denial of service attack (CVE-2023-51074).

2024-04-2505:18:47
www.ibm.com
7
ibm event processing
denial of service
json-path
buffer overflow
cve-2023-51074
upgrade
version 1.1.3

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

7.5 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.0%

Summary

IBM Event Processing is vulnerable to a denial of service due to json-path component , caused by a stack-based buffer overflow in the Criteria.parse method. It is a query language for JSON, similar to XPath for XML. It allows you to select and extract data from a JSON document.

Vulnerability Details

CVEID:CVE-2023-51074
**DESCRIPTION:**json-path is vulnerable to a denial of service, caused by a stack-based buffer overflow in the Criteria.parse method. By sending a specially crafted input, a remote attacker could exploit this vulnerability to cause an uncontrolled recursion, and results in a denial of service condition.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/276174 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Event Processing 1.0.0 - 1.1.2

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by upgrading

Upgrade to IBM Event Processing 1.1.3 by following the upgrading and migrating documentation.

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmevent_streamsMatchany
CPENameOperatorVersion
ibm event automationeqany

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

7.5 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.0%

Related for 9503F2EC4A9AA2AFF160801AC0C66F0689BBD52091584DDCFE34A7E3DCB1954D