Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMA4503A3D8C88F03AAF1FDD6AE6AA893CB99C1494E5AC52A804B1D1FB8B0DBE84
HistoryApr 17, 2023 - 11:58 a.m.

Security Bulletin: IBM Workload Scheduler potentially affected by a vulnerability found in Json-smart library (CVE-2023-1370)

2023-04-1711:58:22
www.ibm.com
11
ibm workload scheduler
json-smart library
vulnerability
stack exhaustion
software crash
cve-2023-1370
denial of service
apar ij46389
azure job executor
azure databricks job executor
azure resource manager job executor
azure storage job executor

0.001 Low

EPSS

Percentile

39.8%

JSON

Summary

IBM Workload Scheduler is potentially affected by a vulnerability found in Json-smart library that can cause a stack exhaustion (stack overflow) and software crash. Specifically, the following plugins can suffer from this issue: Azure Storage Job Executor, Azure Resource Manager Job Executor, Azure Job Executor, Azure Databricks Job Executor.

Vulnerability Details

CVEID:CVE-2023-1370
**DESCRIPTION:**netplex json-smart-v2 is vulnerable to a denial of service, caused by not limiting the nesting of arrays or objects. By sending a specially crafted input, a remote attacker could exploit this vulnerability to cause a stack exhaustion and crash the software.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/249885 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Workload Scheduler 9.5
IBM Workload Scheduler 10.1

Remediation/Fixes

APAR IJ46389 has been opened to address Json-smart vulnerability affecting IBM Workload Scheduler.
APAR IJ46389 is included in the following IBM Workload Scheduler plugins:

- Azure Job Executor version 10.1.0.07
- Azure Databricks Job Executor version 10.1.0.08
- Azure Resource Manager Job Executor version 10.1.0.07
- Azure Storage Job Executor version 10.1.0.08

Workarounds and Mitigations

None

Related

cvelist 1
atlassian 2
ibm 30
nessus 16
prion 1
github 2
cve 1
osv 5
redhatcve 1
cgr 1
ubuntucve 1
redhat 15
veracode 1
debiancve 1
openvas 2
debian 1
ubuntu 1
oracle 5
cvelist
cvelist
CVE-2023-1370 Stack exhaustion in json-smart leads to denial of service when parsing malformed JSON
2023-03-13 09:04:36
atlassian
atlassian
Json-smart Vulnerability in Jira Service Management Data Center and Server
2023-10-08 03:44:24
DoS (Denial of Service) net.minidev:json-smart Dependency in Jira Software Data Center and Server
2024-04-04 04:45:52
ibm
ibm
Security Bulletin: IBM InfoSphere Information Server is affected by a denial of service vulnerability in netplex json-smart-v2 (CVE-2023-1370)
2023-07-14 22:12:37
Security Bulletin: IBM Spectrum Conductor with json-smart-v2 is vulnerable to a denial of service
2023-10-05 20:23:00
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in json-smart
2023-06-28 21:19:45
nessus
nessus
RHCOS 4 : OpenShift Container Platform 4.10.61 (RHSA-2023:3362)
2024-01-24 00:00:00
Atlassian Jira Service Management Data Center and Server 4.20.x < 4.20.27 / 5.4.x < 5.4.11 (JSDSERVER-14746)
2023-12-11 00:00:00
RHEL 8 : OpenShift Container Platform 4.10.61 (RHSA-2023:3362)
2024-04-28 00:00:00
prion
prion
Stack overflow
2023-03-22 06:15:00
github
github
Karate has vulnerable dependency on json-smart package (CVE-2023-1370)
2023-03-31 22:44:09
json-smart Uncontrolled Recursion vulnerabilty
2023-03-23 20:32:03
cve
cve
CVE-2023-1370
2023-03-22 06:15:09
osv
osv
CVE-2023-1370
2023-03-22 06:15:09
json-smart Uncontrolled Recursion vulnerabilty
2023-03-23 20:32:03
Karate has vulnerable dependency on json-smart package (CVE-2023-1370)
2023-03-31 22:44:09
redhatcve
redhatcve
CVE-2023-1370
2023-04-21 05:56:49
cgr
cgr
CVE-2023-1370 vulnerabilities
2024-05-19 03:07:16
ubuntucve
ubuntucve
CVE-2023-1370
2023-03-22 00:00:00
redhat
redhat
(RHSA-2023:3362) Important: OpenShift Container Platform 4.10.61 packages and security update
2023-06-07 09:15:59
(RHSA-2023:3193) Important: Red Hat Integration Camel Extensions for Quarkus 2.7.1-1 security update
2023-05-17 15:47:07
(RHSA-2023:3179) Important: Red Hat Integration Camel Extensions For Quarkus 2.13.2-2 security update
2023-05-17 12:25:13
veracode
veracode
Denial Of Service (DoS)
2023-03-24 05:47:33
debiancve
debiancve
CVE-2023-1370
2023-03-22 06:15:09
openvas
openvas
Ubuntu: Security Advisory (USN-6011-1)
2023-04-13 00:00:00
Debian: Security Advisory (DLA-3373-1)
2023-03-31 00:00:00
debian
debian
[SECURITY] [DLA 3373-1] json-smart security update
2023-03-31 08:03:30
ubuntu
ubuntu
Json-smart vulnerabilities
2023-04-12 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00
Oracle Critical Patch Update Advisory - October 2023
2023-10-17 00:00:00
Oracle Critical Patch Update Advisory - April 2024
2024-04-16 00:00:00

0.001 Low

EPSS

Percentile

39.8%

JSON
Related for A4503A3D8C88F03AAF1FDD6AE6AA893CB99C1494E5AC52A804B1D1FB8B0DBE84
cvelist1atlassian2ibm30nessus16prion1github2cve1osv5redhatcve1cgr1ubuntucve1redhat15veracode1debiancve1openvas2debian1ubuntu1oracle5