7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7 High
AI Score
Confidence
High
0.732 High
EPSS
Percentile
98.1%
WebSphere Liberty is shipped with IBM Business Automation Workflow traditional to support Process Federation Server and User Management Services. WebSphere Liberty is also the application server for IBM Business Automation Workflow on Containers. A denial of service vulnerability has been reported for WebSphere Liberty.
CVEID:CVE-2023-44487
**DESCRIPTION:**Multiple vendors are vulnerable to a denial of service, caused by a flaw in handling multiplexed streams in the HTTP/2 protocol. By sending numerous HTTP/2 requests and RST_STREAM frames over multiple streams, a remote attacker could exploit this vulnerability to cause a denial of service due to server resource consumption.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268044 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Product(s) | Version(s) | Status |
---|---|---|
IBM Business Automation Workflow containers |
V23.0.2 - 23.0.2-IF001
V23.0.1 - V23.0.1-IF005
V22.0.2 all fixes
V22.0.1 all fixes
V21.0.3 - V21.0.3-IF027
V21.0.2 all fixes
V20.0.0.2 all fixes
V20.0.0.1 all fixes
| affected
IBM Business Automation Workflow traditional| V23.0.2
V23.0.1
V22.0.1 - V22.0.2
V21.0.1 - V21.0.3
earlier unsupported releases| affected
IBM Business Automation Workflow Enterprise Service Bus| V23.0.1
V22.0.2| affected
For earlier and unsupported versions of the products, IBM recommends upgrading to a fixed, supported version of the product.
Affected Product(s) | Version(s) | Remediation / Fix |
---|---|---|
IBM Business Automation Workflow containers | V23.0.2 | Apply 23.0.2-IF002 |
IBM Business Automation Workflow containers | V23.0.1 | Apply 23.0.1-IF006 or upgrade to 23.0.2-IF002 |
IBM Business Automation Workflow containers | V21.0.3 | Apply 21.0.3-IF028 |
or upgrade to 23.0.1-IF006 or 23.0.2-IF002 or later | ||
IBM Business Automation Workflow containers | V23.0.1 | |
V22.0.1 - V22.0.2 | ||
V21.0.1 - V21.0.2 | ||
V20.0.0.1 - V20.0.0.2 | Upgrade to 21.0.3-IF028 | |
or upgrade to 23.0.2-IF002 or later | ||
IBM Business Automation Workflow traditional and IBM Business Automation Workflow Enterprise Service Bus |
V23.0.1 - V23.0.2
V22.0.1 - V22.0.2
V21.0.1 - V21.0.3
earlier unsupported releases
None
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7 High
AI Score
Confidence
High
0.732 High
EPSS
Percentile
98.1%