Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMAD70C090D178BCA7E4559E31455A4373DFCA50AD57987057B56F32E0FCA1341E
HistoryMar 14, 2024 - 9:36 a.m.

Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to a denial of service attack due to Connect2id Nimbus-JOSE-JWT (CVE-2023-52428)

2024-03-1409:36:35
www.ibm.com
28
ibm
sterling connect:direct
windows
denial of service
vulnerability
cve-2023-52428
connect2id nimbus-jose-jwt
file agent

AI Score

6.8

Confidence

High

EPSS

0

Percentile

15.5%

JSON

Summary

Integrated File Agent used by IBM Sterling Connect:Direct for Microsoft Windows uses Connect2id Nimbus-JOSE-JWT. This bulletin identifies the steps to take to address the vulnerability.

Vulnerability Details

CVEID:CVE-2023-52428
**DESCRIPTION:**Connect2id Nimbus-JOSE-JWT is vulnerable to a denial of service, caused by improper validation of user requests by the PasswordBasedDecrypter (PBKDF2) component. By sending a specially crafted request using a large JWE p2c header, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/284044 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Sterling Connect:Direct for Microsoft Windows 6.2.0.0 - 6.2.0.6_iFix011
IBM Sterling Connect:Direct for Microsoft Windows 6.3.0.0 - 6.3.0.2_iFix011

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by upgrading …

Affected Product(s) Version(s) Remediation / Fix
IBM Sterling Connect:Direct for Microsoft Windows 6.2.0.0 - 6.2.0.6_iFix011 Apply 6.2.0.6_iFix012, available on Fix Central
IBM Sterling Connect:Direct for Microsoft Windows 6.3.0.0 - 6.3.0.2_iFix011 Apply 6.3.0.2_iFix012, available on Fix Central

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmsterling_connect\Matchdirect_for_microsoft_windows6.2.0
OR
ibmsterling_connect\Matchdirect_for_microsoft_windows6.3.0
VendorProductVersionCPE
ibmsterling_connect\direct_for_microsoft_windowscpe:2.3:a:ibm:sterling_connect\:direct_for_microsoft_windows:6.2.0:*:*:*:*:*:*:*
ibmsterling_connect\direct_for_microsoft_windowscpe:2.3:a:ibm:sterling_connect\:direct_for_microsoft_windows:6.3.0:*:*:*:*:*:*:*

Related

nessus 4
osv 6
ibm 6
github 1
nvd 1
redhatcve 1
prion 1
vulnrichment 1
cve 1
cgr 1
cvelist 1
wolfi 1
redhat 1
oracle 2
nessus
nessus
Atlassian Jira Service Management Data Center and Server < 5.4.19 / 5.11.x < 5.12.6 (JSDSERVER-15248)
2024-05-02 00:00:00
Oracle Primavera Unifier DoS (Apr 2024 CPU)
2024-04-17 00:00:00
Oracle Business Intelligence Enterprise Edition (July 2024 CPU)
2024-07-22 00:00:00
osv
osv
CVE-2023-52428
2024-02-11 05:15:08
Denial of Service in Connect2id Nimbus JOSE+JWT
2024-02-11 06:30:27
CGA-7v5w-r37c-32w7
2024-06-06 12:25:03
ibm
ibm
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Connect2id Nimbus-JOSE-JWT ( CVE-2023-52428)
2024-08-05 19:50:11
Security Bulletin:  IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is affected by a Denial of Service Vulnerability in Nimbus-JOSE-JWT (CVE-2023-52428)
2024-05-20 14:44:13
Security Bulletin: IBM Sterling Connect:Direct for UNIX is vulnerable to denial of service due to nimbus-jose-jwt.
2024-03-29 20:49:27
github
github
Denial of Service in Connect2id Nimbus JOSE+JWT
2024-02-11 06:30:27
nvd
nvd
CVE-2023-52428
2024-02-11 05:15:08
redhatcve
redhatcve
CVE-2023-52428
2024-09-04 17:45:08
prion
prion
Code injection
2024-02-11 05:15:00
vulnrichment
vulnrichment
CVE-2023-52428
2024-02-11 00:00:00
cve
cve
CVE-2023-52428
2024-02-11 05:15:08
cgr
cgr
CVE-2023-52428 vulnerabilities
2024-05-19 03:07:16
cvelist
cvelist
CVE-2023-52428
2024-02-11 00:00:00
wolfi
wolfi
CVE-2023-52428 vulnerabilities
2024-09-19 21:18:36
redhat
redhat
(RHSA-2024:6536) Moderate: Red Hat AMQ Streams 2.5.2 release and security update
2024-09-10 14:17:57
oracle
oracle
Oracle Critical Patch Update Advisory - July 2024
2024-07-16 00:00:00
Oracle Critical Patch Update Advisory - April 2024
2024-04-16 00:00:00

AI Score

6.8

Confidence

High

EPSS

0

Percentile

15.5%

JSON
Related for AD70C090D178BCA7E4559E31455A4373DFCA50AD57987057B56F32E0FCA1341E
nessus4osv6ibm6github1nvd1redhatcve1prion1vulnrichment1cve1cgr1cvelist1wolfi1redhat1oracle2