15 matches found
Security Bulletin: There is a vulnerability in GraphQL used by IBM Maximo Asset Management (CVE-2022-37734)
Summary There is a vulnerability in GraphQL used by IBM Maximo Asset Management. Vulnerability Details CVEID:CVE-2022-37734 DESCRIPTION: GraphQL Java is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw. By sending a specially-crafted request using Directive...
Security Bulletin: There is a vulnerability in GraphQL used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-37734)
Summary There is a vulnerability in GraphQL used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2022-37734 DESCRIPTION: GraphQL Java is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw. By sending a...
Security Bulletin: CVE-2022-37734 may affect IBM CICS TX Standard
Summary WebSphere Application Server Liberty is vulnerable to denial of service due to GraphQL Java. This affects IBM WebSphere Liberty used by IBM CICS TX Standard. IBM CICS TX Standard has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-37734 DESCRIPTION: GraphQL Java is...
Security Bulletin: CVE-2022-37734 may affect IBM CICS TX Advanced
Summary WebSphere Application Server Liberty is vulnerable to denial of service due to GraphQL Java. This affects IBM WebSphere Liberty used by IBM CICS TX Advanced. IBM CICS TX Advanced has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-37734 DESCRIPTION: GraphQL Java is...
Security Bulletin: Vulnerability in GraphQL Java may affect IBM Robotic Process Automation and result in a denial of service (CVE-2022-37734)
Summary There is a vulnerability in the Java used by IBM Robotic Process Automation as part of it's infrastructure, license management and UMS which may result in a denial of service. CVE-2022-37734. This bulletin identifies the security fixes to apply to address this vulnerability. Vulnerability...
Security Bulletin: Vulnerability in WebSphere Application Server Liberty affect IBM Cloud Pak System (CVE-2022-37734)
Summary Vulnerability has been identified in WebSphere Application Server Liberty shipped with Cloud Pak System. Information about vulnerability has been published in security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products...
Security Bulletin: Liberty is vulnerable to denial of service due to GraphQL Java affecting IBM TXSeries for Multiplatforms
Summary Liberty is vulnerable to a denial of service due to GraphQL Java mpGraphQL-1.0 or mpGraphQL-2.0 caused by an uncontrolled resource consumption flaw. This affects WebSphere Application Server Liberty versions 17.0.0.3 - 22.0.0.11 used by IBM TXSeries for Multiplatforms. IBM TXSeries for...
Important: Red Hat Security Advisory: Red Hat build of Quarkus 2.13.5 release and security update
An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more informatio...
Security Bulletin: Multiple vulnerabilities have been identified in IBM WebSphere Application Server Liberty shipped with IBM Tivoli Netcool Impact (CVE-2022-24839, CVE-2022-37734, CVE-2022-34165)
Summary IBM WebSphere Application Server Liberty is shipped with IBM Tivoli Netcool Impact as part of its server infrastructure. IBM Tivoli Netcool Impact has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-24839 DESCRIPTION: Sparkle Motion Nokogiri is vulnerable to a denial o...
Security Bulletin: Vulnerability in GraphQL Java affects IBM Event Streams (CVE-2022-37734)
Summary There is a vulnerability in GraphQL Java that is used by IBM Event Streams. Vulnerability Details CVEID:CVE-2022-37734 DESCRIPTION: GraphQL Java is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw. By sending a specially-crafted request using Directiv...
Security Bulletin: Rational Asset Analyzer is vulnerable to denial of service due to GraphQL Java (CVE-2022-37734)
Summary There is a vulnerability in IBM WebSphere Application Server Liberty used by Rational Asset Analyzer. This vulnerability is located in the GraphQL Java library used by IBM WebSphere Application Server Liberty, with the mpGraphQL-1.0 or mpGraphQL-2.0 feature enabled. This has been addresse...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to denial of service due to GraphQL Java (CVE-2022-37734)
Summary IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to denial of service due to GraphQL Java CVE-2022-37734 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty shipped with IBM Business Automation Workflow (CVE-2022-37734)
Summary WebSphere Application Server Liberty is shipped as part of IBM Business Automation Workflow containers and as part of the optional components Process Federation Server since 8.5.6, and User Management Service since 18.0.0.1 in IBM Business Automation Workflow traditional. Information abou...
Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to denial of service due to GraphQL Java (CVE-2022-37734)
Summary There is a vulnerability in the GraphQL Java library used by IBM WebSphere Application Server Liberty with the mpGraphQL-1.0 or mpGraphQL-2.0 feature enabled. This has been addressed. Vulnerability Details CVEID:CVE-2022-37734 DESCRIPTION: GraphQL Java is vulnerable to a denial of service...
CVE-2022-37734
CVE-2022-37734 is a documented Denial of Service in GraphQL Java. The vulnerability arises from an uncontrolled resource consumption flaw, exploitable by sending specially-crafted requests (Directive overloading). Affected graphs-java implementations listed in sources include the fix versions: 19...