IBMD70A548302FB88FE5083E2401F2C5DC3606927918AE7411F5FC1565E2C72328BSecurity Bulletin: Daeja ViewONE may be affected by Bouncy Castle Vulnerability (CVE-2023-33201)
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
0.001 Low
EPSS
Percentile
20.2%
Summary
ViewONE has a bundled version of Bouncy Castle containing a known security issue.
Vulnerability Details
CVEID:CVE-2023-33201
**DESCRIPTION:**The Bouncy Castle Crypto Package For Java (bc-java) could allow a remote attacker to obtain sensitive information, caused by not validating the X.500 name of any certificate in the implementation of the X509LDAPCertStoreSpi.java class. By using blind LDAP injection attack techniques, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/258653 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| Daeja ViewONE Professional, Standard & Virtual | 5.0CD |
Remediation/Fixes
Bouncy Castle library bundled with ViewONE has been updated for release 5.0.13 ifix 1.
Download
|
—|—
Workarounds and Mitigations
None
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm daeja viewone virtual | eq | 5.0 |
Related
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
0.001 Low
EPSS
Percentile
20.2%