Lucene search

K
ibmIBMFD6E6C12408E7E7249F4F2941B783C2490F560B6EA45CC16B7D7B03EB2DF6186
HistoryJul 17, 2023 - 3:56 a.m.

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Eclipse Jetty (CVE-2023-26048)

2023-07-1703:56:06
www.ibm.com
10
ibm
infosphere information server
eclipse jetty
vulnerability
denial of service
cve-2023-26048
out of memory
multipart request
security bulletin
11.7
dt223805
11.7.1.0
11.7.1.4
service pack
datastage flow designer patch

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS

0.002

Percentile

61.3%

Summary

A vulnerability in Eclipse Jetty used by IBM InfoSphere Information Server was addressed.

Vulnerability Details

CVEID:CVE-2023-26048
**DESCRIPTION:**Eclipse Jetty is vulnerable to a denial of service, caused by an out of memory flaw in the HttpServletRequest.getParameter() or HttpServletRequest.getParts() function. By sending a specially crafted multipart request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253356 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Product(s) Version(s)
InfoSphere Information Server 11.7

Remediation/Fixes

Product VRMF APAR Remediation
InfoSphere Information Server, InfoSphere Information Server on Cloud 11.7 DT223805 --Apply IBM InfoSphere Information Server version 11.7.1.0
--Apply InfoSphere Information Server version 11.7.1.4
--Apply InfoSphere Information Server 11.7.1.4 Service pack 1
--Apply Information Server DataStage Flow Designer patch

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibminfosphere_information_serverMatch11.7

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS

0.002

Percentile

61.3%