CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
37.8%
There is a vulnerability in OpenTelemetry gRPC package which is shipped as part of IBM CICS TX Standard. An update to IBM CICS TX Standard has been released to address the vulnerability.
CVEID:CVE-2023-47108
**DESCRIPTION:**OpenTelemetry OpenTelemetry-Go Contrib is vulnerable to a denial of service, caused by an unbound cardinality metrics flaw in otelgrpc when the grpc Unary Server Interceptor out of the box adds labels net.peer.sock.addr
and net.peer.sock.port
. By sending a specially crafted request, a remote attacker could exploit this vulnerability to consume all available resources.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/272509 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM CICS TX Standard | 11.1 |
IBM strongly recommends addressing the vulnerability now by upgrading IBM CICS TX Standard.
Product | Version | Platform | Remediation/Fix |
---|---|---|---|
IBM CICS TX Standard |
11.1
| Linux|
Download the upgrade from Fix Central
None
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
37.8%