Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMACAC08CA40197874136FC8D303FC9B243B598A583AFF044200D88B0D91692CFE
HistoryJan 25, 2023 - 4:52 a.m.

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using WebSphere Application Server Liberty is vulnerable to denial of service due to Google protobuf-java (CVE-2022-3509, CVE-2022-3171)

2023-01-2504:52:00
www.ibm.com
11
JSON

Summary

There is a vulnerability in the Google protobuf-java library used by IBM WebSphere Application Server Liberty with the grpc-1.0 or grpcClient-1.0 feature enabled. Following IBM® Engineering Lifecycle Engineering product is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Workflow Management

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Version(s)

|

Affected Product(s)

—|—

7.0, 7.0.1, 7.0.2

|

IBM Engineering Workflow Management

6.0.6, 6.0.6.1

|

Rational Team Concert

Remediation/Fixes

This vulnerability affects IBM® Engineering Lifecycle Engineering product mentioned above, which uses IBM WebSphere Application Server Liberty with the grpc-1.0 or grpcClient-1.0 feature enabled.

If the Product is deployed on one of the above versions, Please follow the instruction given in the following article

Link - <https://www.ibm.com/support/pages/node/6841889&gt;

How to update the IBM SDK for Java of Engineering Lifecycle Management products? Please refer below article for more details.

<https://www.ibm.com/support/pages/how-update-ibm-sdk-java-engineering-lifecycle-management-products&gt;

Workarounds and Mitigations

None

Related

ibm 54
nessus 13
atlassian 4
ubuntucve 3
osv 6
debiancve 3
github 3
cve 3
prion 3
gentoo 1
wolfi 2
cnvd 2
redhatcve 2
veracode 2
cgr 2
redos 1
rubygems 1
fedora 3
openvas 6
redhat 6
mageia 1
suse 1
freebsd 1
photon 1
oracle 5
ibm
ibm
Security Bulletin: CVE-2022-3509, CVE-2022-3171 may affect IBM CICS TX Advanced
2023-02-23 15:49:27
Security Bulletin: WebSphere Application Server Liberty is vulnerable to CVE-2022-3509 and CVE-2022-3171 used in IBM Maximo Application Suite - Monitor Component
2023-05-09 14:37:12
Security Bulletin: Vulnerability in WebSphere Liberty affecting Watson Knowledge Catalog for IBM Cloud Pak for Data (CVE-2022-3509, CVE-2022-3171)
2023-03-13 16:43:36
nessus
nessus
Atlassian Jira Service Management Data Center and Server 4.20.x < 4.20.27 / 5.4.x < 5.4.11 (JSDSERVER-14755)
2023-11-17 00:00:00
GLSA-202301-09 : protobuf-java: Denial of Service
2023-01-11 00:00:00
Atlassian Jira Service Management Data Center and Server 4.20.x < 4.20.27 / 5.4.x < 5.4.11 (JSDSERVER-14754)
2023-12-11 00:00:00
atlassian
atlassian
DoS (Denial of Service) com.google.protobuf:protobuf-java Dependency in Jira Software Data Center and Server
2024-02-14 10:46:12
com.google.protobuf:protobuf-java Vulnerability in Jira Service Management Data Center and Server
2023-10-09 01:44:49
DoS (Denial of Service) com.google.protobuf:protobuf-java Dependency in Jira Software Data Center and Server
2024-02-14 10:46:09
ubuntucve
ubuntucve
CVE-2022-3509
2022-12-12 00:00:00
CVE-2022-3171
2022-10-12 00:00:00
CVE-2022-3510
2022-12-12 00:00:00
osv
osv
CVE-2022-3509
2022-12-12 13:15:14
Protobuf Java vulnerable to Uncontrolled Resource Consumption
2022-12-12 15:30:33
protobuf-java has a potential Denial of Service issue
2022-10-04 22:17:15
debiancve
debiancve
CVE-2022-3509
2022-12-12 13:15:00
CVE-2022-3171
2022-10-12 23:15:00
CVE-2022-3510
2022-12-12 13:15:00
github
github
Protobuf Java vulnerable to Uncontrolled Resource Consumption
2022-12-12 15:30:33
protobuf-java has a potential Denial of Service issue
2022-10-04 22:17:15
Protobuf Java vulnerable to Uncontrolled Resource Consumption
2022-12-12 15:30:33
cve
cve
CVE-2022-3509
2022-12-12 13:15:00
CVE-2022-3171
2022-10-12 23:15:00
CVE-2022-3510
2022-12-12 13:15:00
prion
prion
Design/Logic Flaw
2022-12-12 13:15:00
Design/Logic Flaw
2022-10-12 23:15:00
Code injection
2022-12-12 13:15:00
gentoo
gentoo
protobuf-java: Denial of Service
2023-01-11 00:00:00
wolfi
wolfi
CVE-2022-3171 vulnerabilities
2024-04-26 21:06:34
CVE-2022-3509 vulnerabilities
2024-04-26 21:06:34
cnvd
cnvd
Google protobuf-java denial of service vulnerability
2022-10-14 00:00:00
IBM WebSphere Application Server Liberty Denial of Service Vulnerability
2022-11-30 00:00:00
redhatcve
redhatcve
CVE-2022-3171
2022-10-26 14:23:07
CVE-2022-3509
2023-04-03 19:13:35
veracode
veracode
Denial Of Service (DoS)
2022-10-06 04:00:47
Denial Of Service (DoS)
2022-12-13 04:45:03
cgr
cgr
CVE-2022-3171 vulnerabilities
2024-04-26 21:07:55
CVE-2022-3509 vulnerabilities
2024-04-26 21:07:55
redos
redos
ROS-20221020-02
2022-10-20 00:00:00
rubygems
rubygems
protobuf-java has a potential Denial of Service issue
2022-10-03 21:00:00
fedora
fedora
[SECURITY] Fedora 37 Update: protobuf-3.19.6-1.fc37
2022-12-18 01:43:08
[SECURITY] Fedora 36 Update: protobuf-3.19.6-1.fc36
2023-04-27 01:30:33
[SECURITY] Fedora 36 Update: perl-Alien-ProtoBuf-0.09-17.fc36
2023-04-27 01:30:33
openvas
openvas
Mageia: Security Advisory (MGASA-2023-0092)
2023-03-28 00:00:00
Fedora: Security Advisory for protobuf (FEDORA-2022-25f35ed634)
2022-12-18 00:00:00
Fedora: Security Advisory for protobuf (FEDORA-2022-15729fa33d)
2023-04-28 00:00:00
redhat
redhat
(RHSA-2022:7896) Moderate: Red Hat Integration Debezium 1.9.7 security update
2022-11-09 13:46:18
(RHSA-2023:1855) Moderate: Red Hat JBoss EAP 7.4.10 XP 4.0.0.GA security release
2023-04-18 18:57:50
(RHSA-2023:4983) Important: Red Hat Process Automation Manager 7.13.4 security update
2023-09-05 18:35:52
mageia
mageia
Updated protobuf packages fix security vulnerability
2023-03-19 01:16:28
suse
suse
Security update for protobuf (important)
2022-11-09 00:00:00
freebsd
freebsd
MySQL -- Multiple vulnerabilities
2023-01-20 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2023-4.0-0417
2023-06-30 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00
Oracle Critical Patch Update Advisory - October 2023
2023-10-17 00:00:00
Oracle Critical Patch Update Advisory - July 2023
2023-07-18 00:00:00
JSON
Related for ACAC08CA40197874136FC8D303FC9B243B598A583AFF044200D88B0D91692CFE
ibm54nessus13atlassian4ubuntucve3osv6debiancve3github3cve3prion3gentoo1wolfi2cnvd2redhatcve2veracode2cgr2redos1rubygems1fedora3openvas6redhat6mageia1suse1freebsd1photon1oracle5