Lucene search

IBM1080F464F04784254AF527653866E743D4F78C943598D3F7C64326B474CBCB07

HistoryAug 12, 2024 - 7:34 p.m.

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Liberty Profile affects IBM Robotic Process Automation and may result in a denial of service ( CVE-2024-25026, CVE-2024-27268)

2024-08-1219:34:30

www.ibm.com

ibm

websphere

liberty provile

vulnerabilities

robotic process automation

denial of service

ibm x-force

cloud pak

version

remediation

fixes

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

Confidence

High

JSON

Summary

Multiple vulnerabilities in IBM WebSphere Liberty Profile affects IBM Robotic Process Automation and may result in a denial of service. IBM WebSphere Liberty is used by IBM Robotic Process Automation for as part of Abbyy and Antivirus containers and UMS. This bulletin identifies the security fixes to apply to address the vulnerability.

Vulnerability Details

CVEID:CVE-2024-25026
**DESCRIPTION:**IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 are vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 281516.
CVSS Base score: 10
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/281516 for the current score.
CVSS Vector:

CVEID:CVE-2024-27268
**DESCRIPTION:**IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 284574.
CVSS Base score: 10
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/284574 for the current score.
CVSS Vector:

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Robotic Process Automation for Cloud Pak	21.0.0 - 21.0.7.15, 23.0.0 - 23.0.16
IBM Robotic Process Automation	21.0.0 - 21.0.7.15, 23.0.0 - 23.0.16

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now.

Product(s)	Version(s) number and/or range	Remediation/Fix/Instructions
IBM Robotic Process Automation	21.0.0 - 21.0.7.15	Download 21.0.7.16 or higher and follow these instructions.
IBM Robotic Process Automation for Cloud Pak	21.0.0 - 21.0.7.15	Update to 21.0.7.16 or higher using the following instructions.
IBM Robotic Process Automation	23.0.0 - 23.0.16	Download 23.0.17 or higher and follow these instructions.

IBM Robotic Process Automation for Cloud Pak

| 23.0.0 - 23.0.16| Update to 23.0.17 or higher using the following instructions.

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmrobotic_process_automationMatch21.0.0

ibmrobotic_process_automationMatch21.0.7.15

ibmrobotic_process_automationMatch23.0.0

ibmrobotic_process_automationMatch23.0.16

VendorProductVersionCPE
ibmrobotic_process_automation21.0.0cpe:2.3:a:ibm:robotic_process_automation:21.0.0:*:*:*:*:*:*:*
ibmrobotic_process_automation21.0.7.15cpe:2.3:a:ibm:robotic_process_automation:21.0.7.15:*:*:*:*:*:*:*
ibmrobotic_process_automation23.0.0cpe:2.3:a:ibm:robotic_process_automation:23.0.0:*:*:*:*:*:*:*
ibmrobotic_process_automation23.0.16cpe:2.3:a:ibm:robotic_process_automation:23.0.16:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	robotic_process_automation	21.0.0	cpe:2.3:a:ibm:robotic_process_automation:21.0.0:::::::*
ibm	robotic_process_automation	21.0.7.15	cpe:2.3:a:ibm:robotic_process_automation:21.0.7.15:::::::*
ibm	robotic_process_automation	23.0.0	cpe:2.3:a:ibm:robotic_process_automation:23.0.0:::::::*
ibm	robotic_process_automation	23.0.16	cpe:2.3:a:ibm:robotic_process_automation:23.0.16:::::::*