
59 matches found

IBM Security Bulletins
added 2024/01/31 11:25 p.m. | 43 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in JSON-java [CVE-2023-5072]

Summary: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in JSON-java caused by a bug in the parser (CVE-2023-5072). JSON-java is used as a component of our Speech microservices. This vulnerability has been addressed. Please read the details for...

7.5 CVSS | 7.2 AI score | 0.00677 EPSS
Exploits 1 | Affected Software 1
Tenable Nessus
added 2024/01/29 12:0 a.m. | 76 views

Oracle Business Intelligence Enterprise Edition (OAS 7.0) (January 2024 CPU)

The version of Oracle Business Intelligence Enterprise Edition OAS 7.0.0.0 installed on the remote host is affected by multiple vulnerabilities as referenced in the January 2024 CPU advisory, including the following: - Vulnerability in the Oracle Business Intelligence Enterprise Edition product o...

7.7 CVSS | 7 AI score | 0.07763 EPSS
Exploits 4 | References 11
Tenable Nessus
added 2024/01/18 12:0 a.m. | 76 views

Oracle Primavera P6 Enterprise Project Portfolio Management (January 2024 CPU)

The version of Primavera P6 Enterprise Project Portfolio Management installed on the remote host is affected by vulnerabilities as referenced in the January 2024 CPU advisory. - Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineeri...

7.5 CVSS | 6.3 AI score | 0.00677 EPSS
Exploits 1 | References 5
IBM Security Bulletins
added 2024/01/16 4:2 p.m. | 26 views

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities (CVE-2023-5072, CVE-2023-50164)

Summary: IBM Security Guardium has addressed these vulnerabilities. Vulnerability Details: CVEID: CVE-2023-5072. DESCRIPTION: JSON-java is vulnerable to a denial of service, caused by a bug in the parser. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cau...

9.8 CVSS | 9.4 AI score | 0.92896 EPSS
Exploits 16 | Affected Software 1
IBM Security Bulletins
added 2023/12/14 6:58 p.m. | 39 views

Security Bulletin: IBM MQ Appliance is vulnerable to a denial of service (CVE-2023-5072)

Summary: IBM MQ Appliance has resolved a denial of service vulnerability. Vulnerability Details: CVEID: CVE-2023-5072. DESCRIPTION: JSON-java is vulnerable to a denial of service, caused by a bug in the parser. By sending a specially crafted request, a remote attacker could exploit this vulnerability...

7.5 CVSS | 7.4 AI score | 0.00677 EPSS
Exploits 1 | Affected Software 1
RedHat Linux
added 2023/12/14 3:54 p.m. | 28 views

Important: Red Hat Security Advisory: Red Hat Integration Camel for Spring Boot 3.20.4 release and security update

Red Hat Integration Camel for Spring Boot 3.20.4 release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

7.5 CVSS | 6.6 AI score | 0.00677 EPSS
Exploits 1 | References 3
RedHat Linux
added 2023/12/14 10:50 a.m. | 30 views

Important: Red Hat Security Advisory: Red Hat Integration Camel for Spring Boot 4.0.2 release security update

Red Hat Integration Camel for Spring Boot 4.0.2 release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for ea...

7.5 CVSS | 6.6 AI score | 0.00677 EPSS
Exploits 1 | References 3
Atlassian
added 2023/12/12 5:45 a.m. | 47 views

DoS (Denial of Service) org.json:json Dependency in Bitbucket Data Center and Server

This High severity org.json:json Dependency vulnerability was introduced in versions 7.17.0, 7.21.15, 8.9.4, 8.13.0, 8.14.0, and 8.15.0 of Bitbucket Data Center and Server. This org.json:json Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5 CVSS | 6.7 AI score | 0.00677 EPSS
Exploits 1
RedHat Linux
added 2023/12/07 3:30 p.m. | 38 views

(RHSA-2023:7705) Important: Red Hat Build of Apache Camel for Quarkus 2.13.3 security update (RHBQ 2.13.9.Final)

A security update for Red Hat Build of Apache Camel for Quarkus 2.13.3 is now available (updates to RHBQ 2.13.9.Final). The purpose of this text-only errata is to inform you about the security issues fixed. Red Hat Product Security has rated this update as having an impact of Important. A Common...

7.5 CVSS | 7 AI score | 0.00736 EPSS
Exploits 3
IBM Security Bulletins
added 2023/12/07 2:31 p.m. | 43 views

Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities

Summary: There are multiple vulnerabilities in components of IBM i Modernization Engine for Lifecycle Integration as described in the Vulnerability Details section. Apache Tomcat is vulnerable to a denial of service (CVE-2023-44487), vulnerable to HTTP request smuggling (CVE-2023-45648), and could all...

7.5 CVSS | 8.8 AI score | 0.944 EPSS
Exploits 22 | Affected Software 1
RedHat Linux
added 2023/12/06 11:30 p.m. | 82 views

Important: Red Hat Security Advisory: Red Hat AMQ Streams 2.6.0 release and security update

Red Hat AMQ Streams 2.6.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...

9.8 CVSS | 6.7 AI score | 0.11586 EPSS
Exploits 1 | References 13
IBM Security Bulletins
added 2023/12/01 7:12 p.m. | 37 views

Security Bulletin: JSON-java is vulnerable to CVE-2023-5072 used in IBM Maximo Application Suite - Monitor Component

Summary: IBM Maximo Application Suite - Monitor Component uses JSON-java, which is vulnerable to CVE-2023-5072. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details: CVEID: CVE-2023-5072. DESCRIPTION: JSON-java is vulnerable to a denial of service, caused by ...

7.5 CVSS | 7.4 AI score | 0.00677 EPSS
Exploits 1 | Affected Software 1
RedHat Linux
added 2023/11/30 3:0 p.m. | 31 views

Important: Red Hat Security Advisory: Red Hat Build of Apache Camel for Quarkus 3.2.0 release (RHBQ 3.2.9.Final)

Red Hat Build of Apache Camel for Quarkus 3.2.0 is now available (updates to RHBQ 3.2.9.Final). The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products. Red Hat Build of Apache Camel fo...

7.5 CVSS | 6.6 AI score | 0.00677 EPSS
Exploits 1 | References 4
OSV
added 2023/11/14 10:24 p.m. | 34 views

GHSA-4JQ9-2XHW-JPX7 Java: DoS Vulnerability in JSON-JAVA

Summary: A denial of service vulnerability in JSON-Java was discovered by ClusterFuzz. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used. There are two issues: 1) the parser bug can be used to circumvent a check that is supposed to...

7.5 CVSS | 7.2 AI score | 0.00677 EPSS
Exploits 1 | References 7
Github Security Blog
added 2023/11/14 10:24 p.m. | 155 views

Java: DoS Vulnerability in JSON-JAVA

Summary: A denial of service vulnerability in JSON-Java was discovered by ClusterFuzz. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used. There are two issues: 1) the parser bug can be used to circumvent a check that is supposed to...

7.5 CVSS | 6.9 AI score | 0.00677 EPSS
Exploits 1 | References 7 | Affected Software 1
Atlassian
added 2023/11/14 3:45 a.m. | 35 views

DoS (Denial of Service) json-java in Bamboo Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 8.1.0, 8.2.0, 9.0.0, 9.1.0, 9.2.1 and 9.3.0 of Bamboo Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H...

7.5 CVSS | 6.7 AI score | 0.00677 EPSS
Exploits 1
Tenable Nessus
added 2023/10/18 12:0 a.m. | 30 views

Oracle Primavera Gateway (October 2023 CPU)

The versions of Primavera Gateway installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2023 CPU advisory. - Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering component: Admin JSON-java. Supported versions that are...

9.8 CVSS | 6.4 AI score | 0.67806 EPSS
Exploits 6 | References 5
Veracode
added 2023/10/13 5:14 a.m. | 25 views

Denial Of Service

JSON-Java is vulnerable to Denial of Service. The vulnerability is due to chars with value \0 being parsed incorrectly, which can result in an input string of modest size causing indefinite amounts of memory usage...

7.5 CVSS | 6.8 AI score | 0.00677 EPSS
Exploits 1 | References 7 | Affected Software 4
OSV
added 2023/10/12 6:30 p.m. | 101 views

GHSA-RM7J-F5G5-27VV Duplicate Advisory: Denial of Service in JSON-Java

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-4jq9-2xhw-jpx7. This link is maintained to preserve external references. Original Description: Denial of Service in JSON-Java versions prior to 20230618. A bug in the parser means that an input string of modest...

7.5 CVSS | 7.5 AI score | 0.00677 EPSS
Exploits 1 | References 9
Github Security Blog
added 2023/10/12 6:30 p.m. | 16 views

Duplicate Advisory: Denial of Service in JSON-Java

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-4jq9-2xhw-jpx7. This link is maintained to preserve external references. Original Description: Denial of Service in JSON-Java versions prior to 20230618. A bug in the parser means that an input string of modest...

7.5 CVSS | 7.4 AI score | 0.00677 EPSS
Exploits 1 | References 9 | Affected Software 1