Integration News
IBM Sterling Partner Engagement Manager is vulnerable to Websphere Liberty DoS
Summary
IBM WebSphere Application Server Liberty 22.0.0.13 through 23.0.0.7 is vulnerable to a denial of service, caused by sending a specially-crafted request. IBM Sterling Partner Engagement Manager 6.2.3.1 has included an upgraded version of WebSphere Liberty, which remediates this vulnerability.
Vulnerability Details
CVEID: CVE-2023-38737
Description: IBM WebSphere Application Server Liberty 22.0.0.13 through 23.0.0.7 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 262567.
CVSS Base score: 5.9
CVSS Temporal Score: Click here.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Products and Versions
Remediation/Fixes
Product | Versions | Remediation/Fix/Instructions |
IBM Sterling Partner Engagement Manager Essentials Edition | 6.2.3.1, 6.1.2.10, 6.2.0.8 |
Workarounds and Mitigations
None.
Cliquez sur le bouton ci-dessous pour télécharger cette lettre d’information au format Pdf.
