27 matches found
Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to okio-2.8.0.jar
Summary IBM webMethods BPM uses okio-2.8.0.jar for I/O operations to make reading and writing data faster and safer than Java's inbuilt APIs. Vulnerability Details CVEID:CVE-2023-3635 DESCRIPTION: GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in okio-2.8.0.jar
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of okio-2.8.0.jar Vulnerability Details CVEID:CVE-2023-3635 DESCRIPTION: GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client...
Security Bulletin: IBM Maximo Application Suite uses jsonata-1.8.6 which is vulnerable to CVE-2024-27307, CVE-2022-34169, CVE-2023-20861, CVE-2023-3635, CVE-2018-10237, CVE-2023-33201, CVE-2023-33202, CVE-2023-45288, CVE-2023-20863
Summary IBM Maximo Application Suite uses jsonata-1.8.6 which is vulnerable to CVE-2024-27307, CVE-2022-34169, CVE-2023-20861, CVE-2023-3635, CVE-2018-10237, CVE-2023-33201, CVE-2023-33202, CVE-2023-45288, CVE-2023-20863. This bulletin contains information regarding the vulnerability and its...
Security Bulletin: Vulnerability in Okio GzipSource affects watsonx.data
Summary Okio GzipSource is vulnerable to a denial of service, caused by unhandled exception. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2023-3635 DESCRIPTION: Okio GzipSource is vulnerable to a denial of service, caused by unhandled exception. By sending a specially crafted gzi...
Security Bulletin: Vulnerablity in Okio GzipSource affects watsonx.data
Summary Okio GzipSource is vulnerable to a denial of service, caused by unhandled exception. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2023-3635 DESCRIPTION: Okio GzipSource is vulnerable to a denial of service, caused by unhandled exception. By sending a specially crafted gzi...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Okio GzipSource denial of service vulnerability [ CVE-2023-3635]
Summary Potential Okio GzipSource denial of service vulnerability CVE-2023-3635 have been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-3635...
Moderate: Red Hat Security Advisory: Red Hat JBoss EAP 7.4.14 XP 4.0.2.GA security release
JBoss EAP XP 4.0.2.GA security release on the EAP 7.4.14 base is now available. See references for release notes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection Component uses the source GzipSource and this does not handle an exception that might be raised when parsing a malformed gzip buffer. CVE-2023-3635
Summary IBM Maximo Application Suite - Visual Inspection Component uses the GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using the GzipSource class...
Security Bulletin: Vulnerability of okio-1.13.0.jar is affecting APM WebSphere Application Server Agent, APM Tomcat Agent, APM SAP NetWeaver Java Stack Agent, APM WebLogic Agent and APM Data Collector for J2SE
Summary APM WebSphere Application Server Agent, APM Tomcat Agent, APM SAP NetWeaver Java Stack Agent, APM WebLogic Agent and APM Data Collector for J2SE are vulnerable to okio-1.13.0.jar CVE-2023-3635. The workaround includes okio-1.13.0.jar upgraded to okio-3.5.0.jar . Vulnerability Details...
Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to denial of service CVE-2023-3635
Summary Okio GzipSource is used by the IBM Datapower Operations Dashboard in its IO infrastructure. Vulnerability Details CVEID:CVE-2023-3635 DESCRIPTION: Okio GzipSource is vulnerable to a denial of service, caused by unhandled exception. By sending a specially crafted gzip buffer, a remote...
Security Bulletin: IBM Workload Automation potentially affected by a vulnerability in Okio GzipSource (CVE-2023-3635)
Summary IBM Workload Automation is potentially affected by a vulnerability found in Okio GzipSource that can cause denial of service. Vulnerability Details CVEID:CVE-2023-3635 DESCRIPTION: Okio GzipSource is vulnerable to a denial of service, caused by unhandled exception. By sending a specially...
Security Bulletin: IBM Storage Fusion HCI may be vulnerable to denial of service due to jackson-databind, okio (CVE-2022-42003, CVE-2023-35116, CVE-2023-3635)
Summary Java libraries jackson-databind and okio are used by IBM Storage Fusion HCI for logging. Vulnerabilities in these libraries could lead to Denial of Service as described the the CVEs listed in the "Vulnerability Details" section. Vulnerability Details CVEID:CVE-2022-42003 DESCRIPTION:...
Security Bulletin: IBM Storage Fusion may be vulnerable to denial of service due to jackson-databind, okio (CVE-2022-42003, CVE-2023-35116, CVE-2023-3635)
Summary Java libraries jackson-databind and okio are used by IBM Storage Fusion for logging. Vulnerabilities in these libraries could lead to Denial of Service as described the the CVEs listed in the "Vulnerability Details" section. Vulnerability Details CVEID:CVE-2022-42003 DESCRIPTION: FasterXM...
Security Bulletin: IBM Maximo Application Suite uses okio-jvm-3.0.0.jar which is vulnerable to CVE-2023-3635
Summary IBM Maximo Application Suite uses okio-jvm-3.0.0.jar which is vulnerable to CVE-2023-3635. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-3635 DESCRIPTION: Okio GzipSource is vulnerable to a denial of service, caused by...
Security Bulletin: IBM Event Processing contains a vulnerability in okhttp Java
Summary Operator of IBM Event Processing contains a vulnerability in Okio-jvm which is vulnerable to a denial of service CVE-2023-3635. Vulnerability Details CVEID: CVE-2023-3635 DESCRIPTION: Okio GzipSource is vulnerable to a denial of service, caused by unhandled exception. By sending a special...
Security Bulletin: IBM Event Endpoint Management is vulnerable to a denial of service
Summary Operator of IBM Event Endpoint Management is vulnerable to a denial of service of the Okio client CVE-2023-3635 Vulnerability Details CVEID: CVE-2023-3635 DESCRIPTION: Okio GzipSource is vulnerable to a denial of service, caused by unhandled exception. By sending a specially crafted gzip...
Security Bulletin: IBM App Connect Enterprise Toolkit and IBM Integration Bus Toolkit are vulnerable to a denial of service due to Okio GzipSource (CVE-2023-3635).
Summary IBM App Connect Enterprise Toolkit and IBM Integration Bus Toolkit using Maven projects feature are vulnerable to a denial of service due to Okio GzipSource. Vulnerability Details CVEID:CVE-2023-3635 DESCRIPTION: Okio GzipSource is vulnerable to a denial of service, caused by unhandled...
Security Bulletin: Vulnerability in Okio GzipSource affects IBM Process Mining . CVE-2023-3635
Summary There is a vulnerability in CVE-2023-3635 that could allow a remote attacker to execute a denial of service. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2023-3635 DESCRIPTION: Ok...
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Okio GzipSource
Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Okio GzipSource. Vulnerability Details CVEID:CVE-2023-3635 DESCRIPTION: Okio GzipSource is vulnerable to a denial of service, caused by unhandled exception. By sending a specially crafted gzip buffe...
Security Bulletin: Okio GzipSource is vulnerable to CVE-2023-3635 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses Okio GzipSource which is vulnerable to CVE-2023-3635. Vulnerability Details CVEID:CVE-2023-3635 DESCRIPTION: Okio GzipSource is vulnerable to a denial of service, caused by unhandled exception. By sending a specially crafted gzip buffe...