Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMDEFCA7B794DE13AEB92AB1BB064FAC2FAB33FF049B5D1B2E0D352550EB1724DF
HistoryApr 29, 2024 - 12:41 p.m.

Security Bulletin: rustix-0.37.20.crate, rustix-0.38.14.crate and rustix-0.38.2.crate is vulnerable to WS-2023-0366 used in IBM Maximo Application Suite - Edge Data Collector

2024-04-2912:41:00
www.ibm.com
9
rustix
denial of service
ibm maximo application suite
edge data collector
memory explosion
vulnerability
cve-2023-0366
cvss
linux
ibm

6.8 Medium

AI Score

Confidence

High

JSON

Summary

IBM Maximo Application Suite - Edge Data Collector uses rustix-0.37.20.crate, rustix-0.38.14.crate and rustix-0.38.2.crate which is vulnerable to WS-2023-0366

Vulnerability Details

**IBM X-Force ID:**269579
**DESCRIPTION:**Bytecode Alliance rustix is vulnerable to a denial of service, caused by a memory explosion flaw when using rustix::fs::Dir iterator with the linux_raw backend. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/269579 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Edge Data Collector 8.11

Remediation/Fixes

Affected Product(s) Version(s)
IBM Edge Data Collector 8.11.5 or latest (available from the Catalog under Update Available)

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmmaximo_application_suiteMatch8.11
CPENameOperatorVersion
ibm maximo application suiteeq8.11

6.8 Medium

AI Score

Confidence

High

JSON