Lucene search

K
ibmIBM9A88DF225DE0552A67C12B5F9F32A8A472D94E5D6B37FF0DDDFB2716EE74C5C8
HistoryJan 22, 2024 - 2:30 p.m.

Security Bulletin: Due to the use of IBM WebSphere Liberty, IBM CICS TX Standard is vulnerable to a flaw in handling multiplexed streams in the HTTP/2 protocol (CVE-2023-44487).

2024-01-2214:30:02
www.ibm.com
12
ibm cics tx standard
ibm websphere liberty
http/2 protocol
denial of service
vulnerability
upgrade
fix
linux

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.9

Confidence

High

EPSS

0.708

Percentile

98.1%

Summary

IBM WebSphere Liberty is used by IBM CICS TX Standard to provide a web based administration console (CVE-2023-44487).

Vulnerability Details

CVEID:CVE-2023-44487
**DESCRIPTION:**Multiple vendors are vulnerable to a denial of service, caused by a flaw in handling multiplexed streams in the HTTP/2 protocol. By sending numerous HTTP/2 requests and RST_STREAM frames over multiple streams, a remote attacker could exploit this vulnerability to cause a denial of service due to server resource consumption.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268044 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM CICS TX Standard 11.1

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by upgrading IBM CICS TX Standard.

Product Version Platform Remediation / Fix
IBM CICS TX Standard

11.1

| Linux|

Download the upgrade from Fix Central

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmcics_txMatch11.1standard
CPENameOperatorVersion
cics tx standardeq11.1

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.9

Confidence

High

EPSS

0.708

Percentile

98.1%