Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2023-38264
HistoryMay 14, 2024 - 1:21 p.m.

CVE-2023-38264

2024-05-1413:21:29
CWE-502
[email protected]
web.nvd.nist.gov
8
ibm
java
technology
object request broker
vulnerability
x-force id

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

5.8

Confidence

High

EPSS

0

Percentile

9.0%

JSON

The IBM SDK, Java Technology Edition’s Object Request Broker (ORB) 7.1.0.0 through 7.1.5.21 and 8.0.0.0 through 8.0.8.21 is vulnerable to a denial of service attack in some circumstances due to improper enforcement of the JEP 290 MaxRef and MaxDepth deserialization filters. IBM X-Force ID: 260578.

Related

cve 1
nessus 7
redhatcve 1
ibm 43
vulnrichment 1
redhat 3
cvelist 1
aix 1
openvas 2
cve
cve
CVE-2023-38264
2024-05-14 13:21:29
nessus
nessus
RHEL 7 : java-1.8.0-ibm (RHSA-2024:4160)
2024-06-27 00:00:00
CentOS 7 : java-1.8.0-ibm (RHSA-2024:4160)
2024-06-27 00:00:00
RHEL 8 : java-1.8.0-ibm (RHSA-2024:3685)
2024-06-06 00:00:00
redhatcve
redhatcve
CVE-2023-38264
2024-05-10 08:27:44
ibm
ibm
Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM SDK, Java Technology Edition Quarterly CPU - Apr 2024 - Includes Oracle April 2024 CPU plus CVE-2023-38264
2024-08-14 09:00:59
Security Bulletin: Maximo Asset Management: IBM SDK, Java Technology Edition Quarterly CPU - Apr 2024 - Includes Oracle April 2024 CPU plus CVE-2023-38264
2024-05-31 14:39:53
Security Bulletin: IBM Integration Designer is vulnerable to a denial of service (CVE-2023-38264)
2024-05-17 20:57:35
vulnrichment
vulnrichment
CVE-2023-38264 IBM SDK, Java Technology Edition denial of service
2024-05-10 17:21:51
redhat
redhat
(RHSA-2024:3685) Moderate: java-1.8.0-ibm security update
2024-06-06 13:10:06
(RHSA-2024:6595) Moderate: java-1.8.0-ibm security update
2024-09-11 13:33:23
(RHSA-2024:4160) Moderate: java-1.8.0-ibm security update
2024-06-27 09:43:49
cvelist
cvelist
CVE-2023-38264 IBM SDK, Java Technology Edition denial of service
2024-05-10 17:21:51
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2024-06-24 15:10:30
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2024:1859-1)
2024-08-20 00:00:00
openSUSE: Security Advisory for java (SUSE-SU-2024:1859-1)
2024-08-20 00:00:00

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

5.8

Confidence

High

EPSS

0

Percentile

9.0%

JSON
Related for NVD:CVE-2023-38264
cve1nessus7redhatcve1ibm43vulnrichment1redhat3cvelist1aix1openvas2