Lucene search

K
ibmIBME56482F5C6694C66C649368CA7FBE27457989A2AB8CC71E317F19F2D1C52F293
HistoryFeb 16, 2024 - 8:30 a.m.

Security Bulletin: IBM Event Processing is vulnerable to a denial of service (CVE-2023-4043).

2024-02-1608:30:03
www.ibm.com
9
ibm event processing
denial of service
parsson-1.1.2.jar
eclipse parsson
bigdecimal
json processing
upgrade

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

10.5%

Summary

IBM Event Processing is vulnerable to a denial of service due to parsson-1.1.2.jar component. Parsson provides an implementation of Jakarta JSON Processing Specification.

Vulnerability Details

CVEID:CVE-2023-4043
**DESCRIPTION:**Eclipse Parsson is vulnerable to a denial of service, caused by a flaw when processing a large value in BigDecimal. By sending a specially crafted input using Json.createArrayBuilder().add(data), a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/270528 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Event Processing 1.0.0-1.1.0

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by upgrading

Upgrade to IBM Event Processing 1.1.1 by following the upgrading and migrating documentation.

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmevent_streamsMatchany
CPENameOperatorVersion
ibm event automationeqany

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

10.5%

Related for E56482F5C6694C66C649368CA7FBE27457989A2AB8CC71E317F19F2D1C52F293