5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 High
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
17.1%
The Transformation Advisor Tool in IBM App Connect Enterprise is vulnerable to a denial of service due to json-path. This bulletin identifies the steps to take to address the vulnerability.
CVEID:CVE-2023-51074
**DESCRIPTION:**json-path is vulnerable to a denial of service, caused by a stack-based buffer overflow in the Criteria.parse method. By sending a specially crafted input, a remote attacker could exploit this vulnerability to cause an uncontrolled recursion, and results in a denial of service condition.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/276174 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Affected Product(s) | Version(s) |
---|---|
IBM App Connect Enterprise | 12.0.1.0 - 12.0.11.1 |
IBM App Connect Enterprise | 11.0.0.1 - 11.0.0.24 |
IBM strongly recommends addressing the vulnerability/vulnerabilities now by applying the appropriate fix to IBM App Connect Enterprise
Affected Product(s) | Version(s) | APAR | Remediation / Fixes |
---|---|---|---|
IBM App Connect Enterprise | 12.0.1.0 - 12.0.11.1 | IT45379 |
APAR (IT45379) is available from
IBM App Connect Enterprise v12 - Fix Pack 12.0.11.2
IBM App Connect Enterprise| 11.0.0.1 - 11.0.0.24| IT45379|
APAR (IT45379) is available from
IBM App Connect Enterprise v11 - Fix Pack 11.0.0.25
None
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 High
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
17.1%