Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM SDK, Java Technology Edition Quarterly CPU - Apr 2024 - Includes Oracle April 2024 CPU plus CVE-2023-38264

2024-08-1409:00:59

www.ibm.com

ibm engineering lifecycle

ibm sdk

java technology edition

cve-2023-38264

security bulletin

apr 2024

oracle april 2024 cpu

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.4

Confidence

Low

JSON

Summary

IBM SDK, Java Technology Edition is vulnerable to CVE-2023-38264. Following IBM® Engineering Lifecycle Engineering product is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Test Management, IBM Engineering Lifecycle Optimization - Publishing, Global Configuration Management, IBM Jazz Reporting Service, IBM Engineering Requirements Management DOORS Next, IBM Engineering Lifecycle Optimization - Engineering Insights, Jazz Foundation

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Engineering Lifecycle Optimization - Publishing	7.0.2
IBM Engineering Test Management
Global Configuration Management
IBM Jazz Reporting Service
IBM Engineering Requirements Management DOORS Next
IBM Engineering Lifecycle Optimization - Engineering Insights
Jazz Foundation	7.0.3
IBM Engineering Lifecycle Optimization - Publishing
IBM Engineering Test Management
Global Configuration Management
IBM Jazz Reporting Service
IBM Engineering Requirements Management DOORS Next
IBM Engineering Lifecycle Optimization - Engineering Insights
Jazz Foundation

Remediation/Fixes

CVE-2023-38264 may affect IBM Engineering Test Management which uses IBM SDK, Java Technology Edition.

If ant of these products are deployed on one of the above versions, Please follow the instruction given in the following article.

Link: <https://ibm.com/support/pages/node/7150727>

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmibm_engineering_lifecycle_management_baseMatch702

ibmibm_engineering_lifecycle_management_baseMatch703

VendorProductVersionCPE
ibmibm_engineering_lifecycle_management_base702cpe:2.3:a:ibm:ibm_engineering_lifecycle_management_base:702:*:*:*:*:*:*:*
ibmibm_engineering_lifecycle_management_base703cpe:2.3:a:ibm:ibm_engineering_lifecycle_management_base:703:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	ibm_engineering_lifecycle_management_base	702	cpe:2.3:a:ibm:ibm_engineering_lifecycle_management_base:702:::::::*
ibm	ibm_engineering_lifecycle_management_base	703	cpe:2.3:a:ibm:ibm_engineering_lifecycle_management_base:703:::::::*