Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM8D5037BE0C4ADA3747511AD9F03D7A030851529B86C9202D4A84E41FAE940138
HistoryMay 17, 2024 - 8:57 p.m.

Security Bulletin: IBM Integration Designer is vulnerable to a denial of service (CVE-2023-38264)

2024-05-1720:57:35
www.ibm.com
7
ibm integration designer
denial of service
vulnerability
java version 8
cve-2023-38264
business automation workflow
fix
ibm sdk
orb
deserialization filters
cvss score
ibm x-force id

6.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

8.7%

JSON

Summary

Vulnerability in IBM® Runtime Environment Java™ Version 8 used by IBM Integration Designer. IBM Integration Designer has addressed the following CVE.

Vulnerability Details

CVEID:CVE-2023-38264
**DESCRIPTION:**The IBM SDK, Java Technology Edition’s Object Request Broker (ORB) 7.1.0.0 through 7.1.5.21 and 8.0.0.0 through 8.0.8.21 is vulnerable to a denial of service attack in some circumstances due to improper enforcement of the JEP 290 MaxRef and MaxDepth deserialization filters. IBM X-Force ID: 260578.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/260578 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
Business Automation Workflow 23.0.2
Business Automation Workflow 21.0.3

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now.

Product Version Fix
IBM Integration Designer 23.0.2 Download fix for version 23.0.2
IBM Integration Designer 21.0.3 Download fix for version 21.0.3

Workarounds and Mitigations

None

Related

redhatcve 1
cvelist 1
cve 1
ibm 5
nessus 2
redhatcve
redhatcve
CVE-2023-38264
2024-05-10 08:27:44
cvelist
cvelist
CVE-2023-38264 IBM SDK, Java Technology Edition denial of service
2024-05-10 17:21:51
cve
cve
CVE-2023-38264
2024-05-14 13:21:29
ibm
ibm
Security Bulletin: Maximo Asset Management: IBM SDK, Java Technology Edition Quarterly CPU - Apr 2024 - Includes Oracle April 2024 CPU plus CVE-2023-38264
2024-05-31 14:39:53
Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to April 2024 CPU
2024-05-13 14:27:02
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Business Service Manager (CVE-2024-21094, CVE-2024-21085, CVE-2024-21011, CVE-2023-38264)
2024-05-21 19:42:39
nessus
nessus
IBM Java 7.1 < 7.1.5.22 / 8.0 < 8.0.8.25 Multiple Vulnerabilities
2024-05-09 00:00:00
RHEL 7 : ibm_jdk (Unpatched Vulnerability)
2024-05-11 00:00:00

6.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

8.7%

JSON
Related for 8D5037BE0C4ADA3747511AD9F03D7A030851529B86C9202D4A84E41FAE940138
redhatcve1cvelist1cve1ibm5nessus2