Lucene search
K

10 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2024/08/03 1:1 p.m.28 views

Security Bulletin: Denial of Service vulnerability affect IBM Business Automation Workflow - CVE-2023-33008

Summary IBM Business Automation Workflow is vulnerable to a Denial of Service attack. Vulnerability Details CVEID:CVE-2023-33008 DESCRIPTION: Apache Johnzon is vulnerable to a denial of service, caused by an unsafe deserialization flaw in BigDecimal. By sending a specially crafted JSON input, a...

5.3CVSS5.6AI score0.01454EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/04 1:25 p.m.30 views

Security Bulletin: Denial of service vulnerability in Johnzon affects IBM Business Automation Workflow - CVE-2023-33008

Summary IBM Business Automation Workflow is vulnerable to a denial of service attack. Vulnerability Details CVEID:CVE-2023-33008 DESCRIPTION: Apache Johnzon is vulnerable to a denial of service, caused by an unsafe deserialization flaw in BigDecimal. By sending a specially crafted JSON input, a...

5.3CVSS5.6AI score0.01454EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/02 11:19 a.m.30 views

Security Bulletin: Denial of Service vulnerability in Apache Johnzon may affect IBM Business Automation Workflow emitters - CVE-2023-33008

Summary IBM Business Automation Workflow BPMN event emitters are vulnerable to a Denial of Service attack. Vulnerability Details CVEID:CVE-2023-33008 DESCRIPTION: Apache Johnzon is vulnerable to a denial of service, caused by an unsafe deserialization flaw in BigDecimal. By sending a specially...

5.3CVSS5.6AI score0.01454EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2023/10/25 2:53 p.m.70 views

Important: Red Hat Security Advisory: Red Hat support for Spring Boot 2.7.17 security update

An update is now available for Red Hat OpenShift Application Runtimes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

7.5CVSS7AI score0.99999EPSS
Exploits19References5
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/20 2:8 p.m.25 views

Security Bulletin: A vulnerability in Apache Johnzon may affect IBM Robotic Process Automation and result in a denial of service (CVE-2023-33008)

Summary There is a vulnerability in Apache Jonzon used by IBM Robotic Process Automation as part of the IBM Licensing and Metris Tool, which may result in a denial of service CVE-2023-33008. This bulletin identifies the security fixes to apply to address this vulnerability. Vulnerability Details...

5.3CVSS5.7AI score0.01454EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/04 4:4 p.m.50 views

Security Bulletin: The Transformation Advisor Tool in IBM App Connect Enterprise is vulnerable to a denial of service due to Apache Johnzon (CVE-2023-33008)

Summary The Transformation Advisor Tool in IBM App Connect Enterprise is vulnerable to a denial of service due to Apache Johnzon CVE-2023-33008. Vulnerability Details CVEID:CVE-2023-33008 DESCRIPTION: Apache Johnzon is vulnerable to a denial of service, caused by an unsafe deserialization flaw in...

5.3CVSS5.5AI score0.01454EPSS
Exploits0Affected Software1
OSV
OSV
added 2023/07/07 9:7 a.m.30 views

CVE-2023-33008 Apache Johnzon: Prevent inefficient internal conversion from BigDecimal at large scale

Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache Johnzon. A malicious attacker can craft up some JSON input that uses large numbers numbers such as 1e20000000 that Apache Johnzon will deserialize into BigDecimal and maybe use numbers too large which may result ...

5.3CVSS6.1AI score0.01454EPSS
Exploits0References3
CVE
CVE
added 2023/07/07 9:7 a.m.127 views

CVE-2023-33008

CVE-2023-33008 describes a deserialization flaw in Apache Johnzon that can cause a slow-deserialization/Denial-of-Service when processing untrusted JSON numbers like 1e20000000, due to converting to BigDecimal. Affected Johnzon versions prior to 1.2.21 are vulnerable; Johnzon 1.2.21 mitigates thi...

5.3CVSS5.4AI score0.01454EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/07/07 9:7 a.m.23 views

CVE-2023-33008 Apache Johnzon: Prevent inefficient internal conversion from BigDecimal at large scale

Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache Johnzon. A malicious attacker can craft up some JSON input that uses large numbers numbers such as 1e20000000 that Apache Johnzon will deserialize into BigDecimal and maybe use numbers too large which may result ...

5.4AI score0.01454EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/07/07 9:7 a.m.16 views

CVE-2023-33008 Apache Johnzon: Prevent inefficient internal conversion from BigDecimal at large scale

Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache Johnzon. A malicious attacker can craft up some JSON input that uses large numbers numbers such as 1e20000000 that Apache Johnzon will deserialize into BigDecimal and maybe use numbers too large which may result ...

5.2AI score0.01454EPSS
Exploits0References1
Rows per page
Query Builder