Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMBF03035E6A5E77E58D3E4BAC496B0A7224A83899C1BF055228BC63D362A91C07
HistoryMar 04, 2024 - 8:15 p.m.

Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFix for January 2023.

2024-03-0420:15:17
www.ibm.com
7
ibm business automation insights
january 2023
vulnerability
elastic elasticsearch
denial of service

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.0%

JSON

Summary

Security vulnerabilities are addressed with IBM Business Automation Insights 23.0.2-IF001.

Vulnerability Details

CVEID:CVE-2023-46673
**DESCRIPTION:**Elastic Elasticsearch is vulnerable to a denial of service, caused by improper handling of exceptional conditions. By sending a specially crafted request using the Simulate Pipeline API, a remote authenticated attacker could exploit this vulnerability to cause an Elasticsearch node to crash.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/272207 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Business Automation Insights 23.0.2

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now.

Product(s) **Version(s) number and/or range ** Remediation/Fix/Instructions
IBM Business Automation Insights 23.0.2 Apply security fix 23.0.2-IF001 or above

Workarounds and Mitigations

None.

Affected configurations

Vulners
Node
ibmbusiness_automation_workflowMatch23.0.2

Related

ubuntucve 1
osv 2
github 1
prion 1
ibm 2
veracode 1
cvelist 1
cve 1
redhatcve 1
nvd 1
ubuntucve
ubuntucve
CVE-2023-46673
2023-11-22 00:00:00
osv
osv
Elasticsearch Improper Handling of Exceptional Conditions
2023-11-22 12:30:26
BIT-elasticsearch-2023-46673
2024-03-06 10:51:39
github
github
Elasticsearch Improper Handling of Exceptional Conditions
2023-11-22 12:30:26
prion
prion
Code injection
2023-11-22 10:15:00
ibm
ibm
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Elastic Elasticsearch denial of service vulnerability ( CVE-2023-46673)
2024-02-13 15:00:02
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for January 2024.
2024-02-02 08:30:03
veracode
veracode
Denial Of Service (DoS)
2023-11-23 07:34:50
cvelist
cvelist
CVE-2023-46673
2023-11-22 09:27:10
cve
cve
CVE-2023-46673
2023-11-22 10:15:08
redhatcve
redhatcve
CVE-2023-46673
2023-11-23 01:57:43
nvd
nvd
CVE-2023-46673
2023-11-22 10:15:08

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.0%

JSON
Related for BF03035E6A5E77E58D3E4BAC496B0A7224A83899C1BF055228BC63D362A91C07
ubuntucve1osv2github1prion1ibm2veracode1cvelist1cve1redhatcve1nvd1