History: Nov 21, 2023 - 1:18 p.m.

Security Bulletin: There is a vulnerability in jetty-server-9.4.48.v20220622.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2023-26049)

2023-11-21 13:18:42
www.ibm.com
ibm maximo application suite
manage component
vulnerability
denial of service
ibm maximo manage application
upgrade
mas
manage patch fix
cve-2023-26048
jetty-server-9.4.48.v20220622.jar

AI Score: 7.2 High (Confidence: High)

EPSS: 0.002 Low (Percentile: 61.1%)

Summary

There is a vulnerability in jetty-server-9.4.48.v20220622.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2023-26049)

Vulnerability Details

**CVEID:** CVE-2023-26048
**DESCRIPTION:** Eclipse Jetty is vulnerable to a denial of service, caused by an out of memory flaw in the HttpServletRequest.getParameter() or HttpServletRequest.getParts() function. By sending a specially crafted multipart request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/253356 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Maximo Application Suite - Manage Component | MAS 8.10.0 - Manage 8.6.0 |

Remediation/Fixes

For IBM Maximo Manage application in IBM Maximo Application Suite:

| MAS | Manage Patch Fix or Release |
| --- | --- |
| Upgrade to MAS 8.10.X | Upgrade to Manage 8.6.4 or latest (available from the Catalog under Update Available) |

Workarounds and Mitigations

None

CPE configuration

Vulners: ibm maximo_application_suite, Match 8.10

| Name | Operator | Version |
| --- | --- | --- |
| ibm maximo application suite | eq | 8.10 |
