IBMC41BB7D9468F79EBD4EB53FF3F0093C3D2B01040901E532E8D4FB142A0C3EBC4Security Bulletin: Vulnerability in Bouncy Castle Crypto Package affects IBM Process Mining . CVE-2023-33201
0.001 Low
EPSS
Percentile
19.1%
Summary
There is a vulnerability in Bouncy Castle Crypto Package that could allow a remote authenticated attacker to obtain sensitive information. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability.
Vulnerability Details
CVEID:CVE-2023-33201
**DESCRIPTION:**The Bouncy Castle Crypto Package For Java (bc-java) could allow a remote attacker to obtain sensitive information, caused by not validating the X.500 name of any certificate in the implementation of the X509LDAPCertStoreSpi.java class. By using blind LDAP injection attack techniques, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/258653 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Process Mining |
1.14.1, 1.14.0, 1.13.2, 1.13.1, 1.13.0, 1.12.0.5, 1.12.0.4
Remediation/Fixes
Remediation/Fixes guidance:
| Product(s) | **Version(s) number and/or range ** | Remediation/Fix/Instructions |
|---|---|---|
| IBM Process Mining |
1.14.1,
1.14.0, 1.13.2, 1.13.1, 1.13.0, 1.12.0.5, 1.12.0.4
|
Upgrade to version 1.14.2
1.Login to PassPortAdvantage
2. Search for
M0FHQML
Process Mining 1.14.2 Server Multiplatform Multilingual
3. Download package
4. Follow install instructions
5. Repeat for M0FHRML Process Mining 1.14.2 Client Windows Multilingual
| |
Workarounds and Mitigations
Workarounds/Mitigation guidance:
None known
Related
0.001 Low
EPSS
Percentile
19.1%