Jul 17, 2023 - 3:56 a.m.

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Eclipse Jetty (CVE-2023-26048)

2023-07-17 03:56:06
www.ibm.com

CVSS3: 5.3 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS: 0.002 Low
Percentile: 61.4%

Summary

A vulnerability in Eclipse Jetty used by IBM InfoSphere Information Server was addressed.

Vulnerability Details

**CVEID:** CVE-2023-26048
**DESCRIPTION:** Eclipse Jetty is vulnerable to a denial of service, caused by an out of memory flaw in the HttpServletRequest.getParameter() or HttpServletRequest.getParts() function. By sending a specially crafted multipart request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/253356 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| InfoSphere Information Server | 11.7 |

Remediation/Fixes

| Product | VRMF | APAR | Remediation |
| --- | --- | --- | --- |
| InfoSphere Information Server, InfoSphere Information Server on Cloud | 11.7 | DT223805 | --Apply IBM InfoSphere Information Server version 11.7.1.0<br>--Apply InfoSphere Information Server version 11.7.1.4<br>--Apply InfoSphere Information Server 11.7.1.4 Service pack 1<br>--Apply Information Server DataStage Flow Designer patch |

Workarounds and Mitigations

None

Affected configurations

Vulners node: ibm infosphere_information_server, Match 11.7
