Lucene search

K
ibmIBMBCBD3FADB7D5BFCBA54334DFE50104CE14693E0B043B9DD92DD4F2C2685B37AA
HistoryJun 27, 2023 - 11:49 a.m.

Security Bulletin: Vulnerability in Spring Framework affects IBM Process Mining . CVE-2023-20873

2023-06-2711:49:51
www.ibm.com
13
spring boot
ibm process mining
vulnerability
remote attacker
security restrictions
upgrade

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.007

Percentile

80.7%

Summary

There is a vulnerability in Spring Boot that could allow a remote attacker to bypass security restrictions on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability.

Vulnerability Details

CVEID:CVE-2023-20873
**DESCRIPTION:**VMware Tanzu Spring Boot could allow a remote attacker to bypass security restrictions, caused by a flaw with wildcard pattern matching when deployed on Cloud Foundry. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass access restrictions.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253466 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Process Mining 1.14.0, 1.13.2, 1.13.1

Remediation/Fixes

Remediation/Fixes guidance:

Product(s) **Version(s) number and/or range ** Remediation/Fix/Instructions
IBM Process Mining

1.14.0,
1.13.2, 1.13.1

|

Upgrade to version 1.14.1

1.Login to PassPortAdvantage

2. Search for
M0D0JML
Process Mining 1.14.1 Server Multiplatform Multilingual

3. Download package

4. Follow install instructions

5. Repeat for M0D0KML Process Mining 1.14.1 Client Windows Multilingual

| |

Workarounds and Mitigations

Workarounds/Mitigation guidance:

None known

Affected configurations

Vulners
Node
ibmcloud_pak_for_automationMatch1.14.0
OR
ibmcloud_pak_for_automationMatch1.13.2
OR
ibmcloud_pak_for_automationMatch1.13.1

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.007

Percentile

80.7%

Related for BCBD3FADB7D5BFCBA54334DFE50104CE14693E0B043B9DD92DD4F2C2685B37AA