## Summary
IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is vulnerable to a denial of service due to GraphQL Java (CVE-2023-28867)
## Vulnerability Details
Refer to the security bulletin(s) listed in the Remediation/Fixes section
## Affected Products and Versions
Affected Product(s) and Version(s)| Affecting Product(s) and Version(s)
—|—
IBM Cloud Pak for Applications
* 5.1
|
IBM WebSphere Application Server Liberty
* 17.0.0.3 – 23.0.0.5
## Remediation/Fixes
IBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the APAR PH54373 as described in [Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to GraphQL Java (CVE-2023-28867)]().
## Workarounds and Mitigations
None