Jul 15, 2024 - 8:04 p.m.

Security Bulletin: IBM Sterling Partner Engagement Manager is impacted by WebSphere Application Server Liberty DoS Vulnerability

2024-07-15 20:04:58
www.ibm.com

CVSS3: 7.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.001
Percentile: 46.0%

Summary

IBM Sterling Partner Engagement Manager has addressed a WebSphere Application Server Liberty denial of service vulnerability (CVE-2023-38737).

Vulnerability Details

**CVEID:** CVE-2023-38737
**DESCRIPTION:** IBM WebSphere Application Server Liberty 22.0.0.13 through 23.0.0.7 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 262567.
CVSS Base score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/262567 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

| Affected Product(s) | Version(s) |
|---|---|
| PEM | 6.2.1.x |
| PEM | 6.2.2.x |
| PEM | 6.1.2.x |
| PEM | 6.2.3 |
| PEM | 6.2.0.x |

Remediation/Fixes

| Product | Version(s) | Remediation/Fix/Instructions |
|---|---|---|
| IBM Sterling Partner Engagement Manager Essentials Edition | 6.2.3.1, 6.1.2.10, 6.2.0.8 | Download 6.2.3.1 and follow installation instructions |
| IBM Sterling Partner Engagement Manager Standard Edition | 6.2.3.1, 6.1.2.10, 6.2.0.8 | Download 6.2.3.1 and follow installation instructions |

Workarounds and Mitigations

None

Affected configurations

Node (Vulners):
ibm sterling_partner_engagement_manager Match 6.2.2
OR
ibm sterling_partner_engagement_manager Match 62.0
OR
ibm sterling_partner_engagement_manager Match 6.1.2

| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | sterling_partner_engagement_manager | 6.2.2 | cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.2:*:*:*:*:*:*:* |
| ibm | sterling_partner_engagement_manager | 62.0 | cpe:2.3:a:ibm:sterling_partner_engagement_manager:62.0:*:*:*:*:*:*:* |
| ibm | sterling_partner_engagement_manager | 6.1.2 | cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.1.2:*:*:*:*:*:*:* |
