Lucene search

K
ibmIBMA806BC59A4060B4A6ABABA0889A50CFF317CD2B7178ADC1CADAD88448C8B5342
HistoryOct 31, 2023 - 7:41 a.m.

Security Bulletin: Vulnerability in jetty-server-9.4.48.v20220622.jar affects IBM Integrated Analytics System (Sailfish) [CVE-2023-26048]

2023-10-3107:41:58
www.ibm.com
96
jetty server
ibm integrated analytics system
vulnerability
upgrade
fix central

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

AI Score

6.6

Confidence

High

EPSS

0.002

Percentile

61.3%

Summary

The jetty-server-9.4.48.v20220622.jar package is used by IBM Integrated Analytics System . IBM Integrated Analytics System has addressed the applicable CVE [ CVE-2023-26048].

Vulnerability Details

CVEID:CVE-2023-26048
**DESCRIPTION:**Eclipse Jetty is vulnerable to a denial of service, caused by an out of memory flaw in the HttpServletRequest.getParameter() or HttpServletRequest.getParts() function. By sending a specially crafted multipart request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253356 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Integrated Analytics System 1.0.0-1.0.28.0

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by upgrading to latest version.

Affected Product(s) VRMF Remediation/Fixes
IBM Integrated Analytics System 1.0.28.1 Link to Fix Central

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmsmart_analytics_system_7710Matchany
CPENameOperatorVersion
ibm integrated analytics systemeqany

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

AI Score

6.6

Confidence

High

EPSS

0.002

Percentile

61.3%