Lucene search

Redhat.comRH:CVE-2023-38264

HistoryMay 10, 2024 - 8:27 a.m.

CVE-2023-38264

2024-05-1008:27:44

redhat.com

access.redhat.com

ibm

java technology edition

object request broker

denial of service

jep 290

maxref

maxdepth

deserialization filters

security vulnerability

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

The IBM SDK, Java Technology Edition’s Object Request Broker (ORB) is vulnerable to a denial of service attack in some circumstances due to improper enforcement of the JEP 290 MaxRef and MaxDepth deserialization filters.

References

bugzilla.redhat.com/show_bug.cgi?id=2279963

nvd.nist.gov/vuln/detail/CVE-2023-38264

www.cve.org/CVERecord?id=CVE-2023-38264

www.ibm.com/support/pages/apar/IX90196

www.ibm.com/support/pages/java-sdk-security-vulnerabilities#IBM_Security_Update_May_2024

www.ibm.com/support/pages/node/7150727

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for RH:CVE-2023-38264