7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.7 High
AI Score
Confidence
High
0.732 High
EPSS
Percentile
98.1%
IBM WebSphere Application Server Liberty for IBM i is vulnerable to denial of service due to a flaw in handling multiplexed streams as described in the vulnerability details section. IBM i has addressed the vulnerability in IBM WebSphere Application Server Liberty with a fix as described in the remediation/fixes section.
CVEID:CVE-2023-44487
**DESCRIPTION:**Multiple vendors are vulnerable to a denial of service, caused by a flaw in handling multiplexed streams in the HTTP/2 protocol. By sending numerous HTTP/2 requests and RST_STREAM frames over multiple streams, a remote attacker could exploit this vulnerability to cause a denial of service due to server resource consumption.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268044 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM i | 7.5 |
IBM i | 7.4 |
IBM i | 7.3 |
IBM i | 7.2 |
The issue can be fixed by applying a PTF to IBM i. IBM i releases 7.5, 7.4, 7.3, and 7.2 will be fixed.
The IBM i PTF numbers for 5770-SS1 Option 3 contain the fix for the vulnerability.
IBM i Release| 5770-SS1 Option 3
PTF Numbers| PTF Download Link
—|—|—
7.5| SI85401| <https://www.ibm.com/support/pages/ptf/SI85401>
7.4| SI85402| <https://www.ibm.com/support/pages/ptf/SI85402>
7.3| SI85403| <https://www.ibm.com/support/pages/ptf/SI85403>
7.2| SI85404| <https://www.ibm.com/support/pages/ptf/SI85404>
<https://www.ibm.com/support/fixcentral>
Important note: IBM recommends that all users running unsupported versions of affected products upgrade to supported and fixed version of affected products.
None.
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.7 High
AI Score
Confidence
High
0.732 High
EPSS
Percentile
98.1%