Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBME5AE8B020911E43ECE9435B1998BAE75422828B6D5E8A02128146ABB118F4B18
HistoryOct 04, 2023 - 10:26 a.m.

Security Bulletin: IBM Jazz Reporting Service is vulnerable to a denial of service (CVE-2023-35116)

2023-10-0410:26:40
www.ibm.com
24
ibm jazz reporting service
denial of service
jackson-databind
cve-2023-35116

0.0004 Low

EPSS

Percentile

8.6%

JSON

Summary

The fix includes a new version of the jackson-databind runtime that resolves the specified vulnerability.

Vulnerability Details

CVEID:CVE-2023-35116
**DESCRIPTION:**Fasterxml jackson-databind is vulnerable to a denial of service, caused by a stack-based overflow. By persuading a victim to open a specially crafted content, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/258157 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Jazz Reporting Service 7.0.2
IBM Jazz Reporting Service 7.0.1

Remediation/Fixes

Released a iFix version for Jazz Reporting Service 7.0.2 iFix022: To ensure users could protect themselves from this vulnerability, a new version of the jackson-databind has been released in this ifix.

Product Version iFix Remediation / First Fix
IBM Jazz Reporting Service 7.0.2 iFix022 Fix Central - 7.0.2

Workarounds and Mitigations

None

Related

ibm 25
redhatcve 1
ubuntucve 1
nessus 8
debiancve 1
cve 1
prion 1
cvelist 1
redhat 5
oracle 2
ibm
ibm
Security Bulletin: Vulnerability CVE-2023-35116 affects CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition.
2023-10-16 16:34:06
Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to denial of service due to FasterXML jackson-databind (CVE-2023-35116)
2024-02-19 08:15:33
Security Bulletin: IBM Spectrum Symphony with Fasterxml jackson-databind is vulnerable to a denial of service, caused by a stack-based overflow
2024-02-28 16:01:26
redhatcve
redhatcve
CVE-2023-35116
2023-08-22 17:50:09
ubuntucve
ubuntucve
CVE-2023-35116
2023-06-14 00:00:00
nessus
nessus
Amazon Linux 2023 : jackson-core (ALAS2023-2023-248)
2023-07-20 00:00:00
Oracle Identity Manager (Apr 2024 CPU)
2024-04-23 00:00:00
Oracle Business Intelligence Enterprise Edition (April 2024 CPU)
2024-04-19 00:00:00
debiancve
debiancve
CVE-2023-35116
2023-06-14 14:15:00
cve
cve
CVE-2023-35116
2023-06-14 14:15:10
prion
prion
Code injection
2023-06-14 14:15:00
cvelist
cvelist
CVE-2023-35116
2023-06-14 00:00:00
redhat
redhat
(RHSA-2024:2707) Important: Red Hat Build of Apache Camel security update
2024-05-06 14:08:42
(RHSA-2023:5396) Moderate: Red Hat Data Grid 8.4.4 security update
2023-09-28 11:54:13
(RHSA-2024:0777) Important: jenkins and jenkins-2-plugins security update
2024-02-12 10:20:42
oracle
oracle
Oracle Critical Patch Update Advisory - October 2023
2023-10-17 00:00:00
Oracle Critical Patch Update Advisory - April 2024
2024-04-16 00:00:00

0.0004 Low

EPSS

Percentile

8.6%

JSON
Related for E5AE8B020911E43ECE9435B1998BAE75422828B6D5E8A02128146ABB118F4B18
ibm25redhatcve1ubuntucve1nessus8debiancve1cve1prion1cvelist1redhat5oracle2