IBMAB90E18D966EE3ADC7A83B291256BB40CE256F437C869A037BBE49D330A4552BSecurity Bulletin: Vulnerability in Apache Jena-arq library affects IBM Engineering Lifecycle Optimization - Publishing
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
0.002 Low
EPSS
Percentile
55.7%
Summary
IBM Engineering Lifecycle Optimization - Publishing is vulnerable to a remote attack due to Apache Jena-arq
Vulnerability Details
CVEID:CVE-2023-22665
**DESCRIPTION:**Apache Jena could allow a remote attacker to execute arbitrary code on the system, caused by improper checking of user queries. By sending a specially crafted SPARQL query, an attacker could exploit this vulnerability to execute arbitrary javascript on the system.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253583 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| PUB | 7.0.1 |
| PUB | 7.0.2 |
Remediation/Fixes
| Product | Version(s) | How to remediate ? |
|---|---|---|
| IBM Engineering Lifecycle Optimization - Publishing | 7.0.1 | The vulnerability can be remediated by applying the following PUB 7.0.1 iFix023 or later iFixes |
| 7.0.2 | The vulnerability can be remediated by applying the following PUB 7.0.2 iFix025 or later iFixes |
Workarounds and Mitigations
None
Affected configurations
Related
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
0.002 Low
EPSS
Percentile
55.7%