Lucene search
IBMFB9C5AFC0273254808AF57FF6E52B6B82D9D7C341E4E75FFEB2D85C8AB69A498HistoryMay 17, 2023 - 10:18 p.m.
Security Bulletin: IBM InfoSphere Information Server is affected by an information disclosure vulnerability in Jettison (CVE-2023-1436)
2023-05-1722:18:43
www.ibm.com
6
0.001 Low
EPSS
Percentile
32.0%
Summary
An information disclosure vulnerability in Jettison used by InfoSphere Information Server was addressed.
Vulnerability Details
CVEID:CVE-2023-1436
**DESCRIPTION:**Jettison is vulnerable to a denial of service, caused by an infinite recursion when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. A remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/250490 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| InfoSphere Information Server | 11.7 |
Remediation/Fixes
| Product | VRMF | APAR | Remediation |
|---|---|---|---|
| InfoSphere Information Server, InfoSphere Information Server on Cloud | 11.7 | DT208923 | --Apply IBM InfoSphere Information Server version 11.7.1.0 |
| --Apply InfoSphere Information Server version 11.7.1.4 | |||
| --Apply InfoSphere Information Server 11.7.1.4 Service pack 1 |
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm infosphere information server | eq | 11.7 |
Related
nessus
nessus
Amazon Linux 2 : jettison (ALAS-2023-2053)
2023-06-05 00:00:00
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM / 23.04 : Jettison vulnerability (USN-6179-1)
2023-06-20 00:00:00
openSUSE 15 Security Update : jettison (SUSE-SU-2023:1948-1)
2023-04-25 00:00:00
osv
osv
Jettison vulnerable to infinite recursion
2023-03-22 06:30:21
libjettison-java vulnerability
2023-06-20 10:11:48
CVE-2023-1436
2023-03-22 06:15:09
amazon
amazon
Important: jettison
2023-05-25 17:41:00
ubuntu
ubuntu
Jettison vulnerability
2023-06-20 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6179-1)
2023-06-21 00:00:00
prion
prion
Design/Logic Flaw
2023-03-22 06:15:00
atlassian
atlassian
cvelist
cvelist
debiancve
debiancve
CVE-2023-1436
2023-03-22 06:15:09
github
github
Jettison vulnerable to infinite recursion
2023-03-22 06:30:21
ubuntucve
ubuntucve
CVE-2023-1436
2023-03-22 00:00:00
cve
cve
CVE-2023-1436
2023-03-22 06:15:09
redhatcve
redhatcve
CVE-2023-1436
2023-03-30 10:13:52
veracode
veracode
Denial Of Service (DoS)
2023-03-25 01:50:32
ibm
ibm
redhat
redhat
(RHSA-2023:3667) Moderate: Red Hat Integration Camel Extensions for Quarkus 2.13.3 security update
2023-06-19 16:31:18
(RHSA-2023:4506) Important: Red Hat JBoss Enterprise Application Platform security update
2023-08-07 14:59:17
(RHSA-2023:4924) Important: Red Hat Single Sign-On 7.6.5 security update
2023-08-31 13:27:26
oracle
oracle
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00
Oracle Critical Patch Update Advisory - October 2023
2023-10-17 00:00:00
Oracle Critical Patch Update Advisory - July 2023
2023-07-18 00:00:00
0.001 Low
EPSS
Percentile
32.0%
Related for FB9C5AFC0273254808AF57FF6E52B6B82D9D7C341E4E75FFEB2D85C8AB69A498