IBM2916F0E4CB6592E5B1A70E89C486DD355A2EE3C12700A4221F874B56423DA666Security Bulletin: IBM Edge Application Manager 4.5.1 addresses security vulnerability listed in CVE below.
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
42.9%
Summary
IBM Edge Application Manager 4.5.1 addresses the security vulnerability listed in the CVE below.
Vulnerability Details
CVEID:CVE-2023-2251
**DESCRIPTION:**YAML is vulnerable to a denial of service, caused by an uncaught exception in the parseDocument and parseAllDocuments functions. By sending a specially crafted input, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253642 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Edge Application Manager | 4.5 |
| IBM Edge Application Manager | 4.4 |
| IBM Edge Application Manager | 4.3 |
Remediation/Fixes
The fix/upgrade is a set of docker images, that will automatically be pulled and deployed from both dockerhub and the IBM Entitled Registry.
Workarounds and Mitigations
None
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | edge_application_manager | 4.3 | cpe:2.3:a:ibm:edge_application_manager:4.3:*:*:*:*:*:*:* |
| ibm | edge_application_manager | 4.4 | cpe:2.3:a:ibm:edge_application_manager:4.4:*:*:*:*:*:*:* |
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
42.9%