Lucene search

K
ibmIBMD976CAEED746DBFCD5B5D50BF9560BA40C34FB64BC3852FCE1CDE24C3076CD2E
HistoryMay 18, 2023 - 10:19 a.m.

Security Bulletin: Vulnerabilities in Java and IBM WebSphere Application Server Liberty affects IBM Cloud Application Business Insights - CVE-2022-41946 & CVE-2023-24998

2023-05-1810:19:23
www.ibm.com
22
ibm cloud application business insights
java
ibm websphere application server liberty
cve-2022-41946
cve-2023-24998
denial of service
apache commons fileupload
tomcat
remediation
fix pack
vulnerability

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.034 Low

EPSS

Percentile

91.4%

Summary

Vulnerabilities in Java and IBM WebSphere Application Server Liberty affects IBM Cloud Application Business Insights CVE-2022-41946 & CVE-2023-24998

Vulnerability Details

CVEID:CVE-2023-24998
**DESCRIPTION:**Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the number of request parts to be processed in the file upload function. By sending a specially-crafted request with series of uploads, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/247895 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Cloud Application Business Insights 1.1.8
IBM Cloud Application Business Insights 1.1.7

Remediation/Fixes

For systems where IBM Cloud Application Business Insights version 1.1.7 is installed, the vulnerabilities can be remediated by applying the ICABI FixPack 1.1.7.7.

For systems where IBM Cloud Application Business Insights version 1.1.8 is installed, the vulnerabilities can be remediated by applying the ICABI FixPack 1.1.8.1.

ICABI 1.1.7 Fix Pack 7 - <https://www.ibm.com/docs/en/cabi/1.1.7?topic=summary-whats-new-in-fix-pack-7&gt;

ICABI 1.1.8 Fix Pack 1 - <https://www.ibm.com/docs/en/cabi/1.1.8?topic=summary-whats-new-in-fix-pack-1&gt;

The fixes and install instructions can be found at the following location:

Fix Pack Download Link (Fix Central)
ICABI 1.1.7.7 Fix Pack https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FIBM+Cloud+App+Management&fixids=icabi_1.1.7.7_xlinux&source=SAR
ICABI 1.1.7.7 Fix Pack (plinux) https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FIBM+Cloud+App+Management&fixids=ICABI_1.1.7.7_plinux&source=SAR
ICABI 1.1.8.1 Fix Pack https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FIBM+Cloud+App+Management&fixids=icabi_1.1.8.1_xlinux&source=SAR
ICABI 1.1.8.1 Fix Pack (plinux) https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FIBM+Cloud+App+Management&fixids=icabi_1.1.8.1_plinux&source=SAR

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmengineering_insightsMatch1.1.7
OR
ibmengineering_insightsMatch1.1.8

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.034 Low

EPSS

Percentile

91.4%