Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM9930EF7D98AA5AC4E209BEF82129591FE45037B76494E54C33526BC1FCC44D13
HistoryDec 27, 2022 - 5:53 a.m.

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using WebSphere Application Server Liberty are vulnerable to denial of service due to Google protobuf-java

2022-12-2705:53:16
www.ibm.com
8
JSON

Summary

There is a vulnerability in the Google protobuf-java library used by IBM WebSphere Application Server Liberty with the grpc-1.0 or grpcClient-1.0 feature enabled. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: Engineering Lifecycle Management , Collaborative Lifecycle Management, IBM Engineering Requirements Management DOORS Next, Jazz Foundation, Global Configuration Management

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Version(s) Affected Product(s)
All Global Configuration Management
6.0.6, 6.0.6.1 Rational DOORS Next Generation
Collaborative Lifecycle Management
7, 7.0.1, 7.0.2 IBM Engineering Requirements Management DOORS Next
Engineering Lifecycle Management

Remediation/Fixes

This vulnerability affects IBM® Engineering Lifecycle Engineering products mentioned above, which uses IBM WebSphere Application Server Liberty with the grpc-1.0 or grpcClient-1.0 feature enabled.

If the Product is deployed on one of the above versions, Please follow the instruction given in the following article

Link - <https://www.ibm.com/support/pages/node/6841889&gt;

Workarounds and Mitigations

None

JSON