7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
8.2 High
AI Score
Confidence
High
0.008 Low
EPSS
Percentile
82.0%
avro is used by IBM Event Streams as part of dependencies under Java (CVE-2023-39410). This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. This bulletin identifies the steps to take to address the vulnerability.
CVEID:CVE-2023-39410
**DESCRIPTION:**Apache Avro Java SDK could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By sending specially crafted input, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/267324 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM Event Streams | 10.0.0 - 11.2.4 |
IBM strongly recommends addressing the vulnerability now by upgrading
Upgrade to IBM Event Streams 11.2.5 by following the upgrading and migrating documentation.
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm event streams | ge | 10.0.0 | |
ibm event streams | le | 11.2.4 |
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
8.2 High
AI Score
Confidence
High
0.008 Low
EPSS
Percentile
82.0%