Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMF137AFB608D1F7DEB40744A9E3475381C0138DD99AEB3DD54B715FAF7F29DB70
HistoryNov 29, 2023 - 10:14 a.m.

Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to OpenSSL.

2023-11-2910:14:17
www.ibm.com
17
ibm app connect enterprise
denial of service
openssl
vulnerability
cve-2023-3817
fix
apar
it44882

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

6.4 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.4%

JSON

Summary

IBM App Connect Enterprise is vulnerable to a denial of service due to OpenSSL. (CVE-2023-3817)

Vulnerability Details

CVEID:CVE-2023-3817
**DESCRIPTION:**OpenSSL is vulnerable to a denial of service, caused by a flaw when using the DH_check(), DH_check_ex() or EVP_PKEY_param_check() functions to check a DH key or DH parameters. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause long delays, and results in a denial of service condition.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/262046 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Product(s) Version(s)
IBM App Connect Enterprise 12.0.1.0 - 12.0.9.0
IBM App Connect Enterprise 11.0.0.1 - 11.0.0.22

Remediation/Fixes

IBM strongly recommends addressing the vulnerability/vulnerabilities now by applying the appropriate fix to IBM App Connect Enterprise

Affected Product(s) Version(s) APAR Remediation / Fix
IBM App Connect Enterprise 12.0.1.0 - 12.0.9.0 IT44882

The APAR (IT44882) is available from

IBM App Connect Enterprise v12 - Fix Pack 12.0.10.0

IBM App Connect Enterprise| 11.0.0.1 - 11.0.0.22| IT44882|

The APAR (IT44882) is available from

IBM App Connect Enterprise v11 - Fix Pack 11.0.0.23

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmapp_connect_enterpriseRange12.0.1.0
OR
ibmapp_connect_enterpriseRange12.0.9.0
OR
ibmapp_connect_enterpriseRange11.0.0.1
OR
ibmapp_connect_enterpriseRange11.0.0.22

Related

openvas 59
cbl_mariner 6
freebsd 1
ibm 6
openssl 1
wolfi 1
redhatcve 1
cgr 1
veracode 1
cve 1
nessus 90
debiancve 2
osv 5
cvelist 2
slackware 1
amazon 6
ubuntu 2
alpinelinux 2
broadcom 1
nvd 1
f5 2
prion 2
redos 1
debian 1
ubuntucve 2
photon 1
openvas
openvas
openSUSE: Security Advisory for openssl (SUSE-SU-2023:3244-2)
2024-03-04 00:00:00
openSUSE: Security Advisory for openssl (SUSE-SU-2023:3397-1)
2024-03-04 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:3958-1)
2023-10-05 00:00:00
cbl_mariner
cbl_mariner
CVE-2023-3817 affecting package hvloader for versions less than 1.0.1-3
2024-06-06 19:53:22
CVE-2023-3817 affecting package edk2 for versions less than 20230301gitf80f052277c8-37
2024-04-17 22:02:46
CVE-2023-3817 affecting package rust for versions less than 1.68.2-5
2024-07-03 17:22:43
freebsd
freebsd
OpenSSL -- Excessive time spent checking DH q parameter value
2023-07-31 00:00:00
ibm
ibm
Security Bulletin: openssl-src-111.26.0+1.1.1u.crate is vulnerable to CVE-2023-3817 used in IBM Maximo Application Suite - Edge Data Collector
2024-03-05 09:15:22
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Rational ClearQuest
2024-03-14 05:23:12
Security Bulletin: IBM Event Streams is affected by an openSSL Vulnerability - CVE-2023-3817
2024-01-23 04:15:28
openssl
openssl
Vulnerability in OpenSSL CVE-2023-3817
2023-07-31 00:00:00
wolfi
wolfi
CVE-2023-3817 vulnerabilities
2024-07-03 16:16:08
redhatcve
redhatcve
CVE-2023-3817
2023-08-01 08:19:37
cgr
cgr
CVE-2023-3817 vulnerabilities
2024-05-19 03:07:16
veracode
veracode
Denial Of Service (DoS)
2023-08-06 07:40:29
cve
cve
CVE-2023-5678
2023-11-06 16:15:42
nessus
nessus
EulerOS 2.0 SP9 : openssl (EulerOS-SA-2024-1184)
2024-02-08 00:00:00
Ubuntu 20.04 LTS : OpenSSL vulnerabilities (USN-6435-2)
2023-10-25 00:00:00
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : openssl-1_1 (SUSE-SU-2023:4524-1)
2023-11-22 00:00:00
debiancve
debiancve
CVE-2023-5678
2023-11-06 16:15:42
CVE-2023-3817
2023-07-31 16:15:10
osv
osv
CVE-2023-5678
2023-11-06 16:15:42
openssl vulnerabilities
2023-10-25 12:40:20
openssl vulnerabilities
2023-10-18 19:51:24
cvelist
cvelist
CVE-2023-3817 Excessive time spent checking DH q parameter value
2023-07-31 15:34:13
CVE-2023-5678 Excessive time spent in DH check / generation with large Q parameter value
2023-11-06 15:47:30
slackware
slackware
[slackware-security] openssl
2023-08-02 17:08:29
amazon
amazon
Medium: edk2
2023-08-17 11:58:00
Medium: openssl
2023-11-29 22:19:00
Medium: openssl11
2023-08-31 22:28:00
ubuntu
ubuntu
OpenSSL vulnerabilities
2023-10-18 00:00:00
OpenSSL vulnerabilities
2023-10-25 00:00:00
alpinelinux
alpinelinux
CVE-2023-5678
2023-11-06 16:15:42
CVE-2023-3817
2023-07-31 16:15:10
broadcom
broadcom
Excessive time spent checking DH q parameter value (CVE-2023-3817)
2024-04-16 00:00:00
nvd
nvd
CVE-2023-3817
2023-07-31 16:15:10
f5
f5
K000138242 : OpenSSL vulnerability CVE-2023-5678
2024-01-17 00:00:00
K000137969 : OpenSSL vulnerability CVE-2023-3817
2023-12-19 00:00:00
prion
prion
Design/Logic Flaw
2023-11-06 16:15:00
Design/Logic Flaw
2023-07-31 16:15:00
redos
redos
ROS-20230907-04
2023-09-07 00:00:00
debian
debian
[SECURITY] [DLA 3530-1] openssl security update
2023-08-16 05:56:34
ubuntucve
ubuntucve
CVE-2023-3817
2023-07-31 00:00:00
CVE-2023-5678
2023-11-06 00:00:00
photon
photon
Moderate Photon OS Security Update - PHSA-2023-3.0-0640
2023-08-25 00:00:00

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

6.4 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.4%

JSON
Related for F137AFB608D1F7DEB40744A9E3475381C0138DD99AEB3DD54B715FAF7F29DB70
openvas59cbl_mariner6freebsd1ibm6openssl1wolfi1redhatcve1cgr1veracode1cve1nessus90debiancve2osv5cvelist2slackware1amazon6ubuntu2alpinelinux2broadcom1nvd1f52prion2redos1debian1ubuntucve2photon1