## Summary
Vulnerability in the GraphQL Java library used by IBM WebSphere Application Server Liberty when the feature mpGraphQL-1.0 or mpGraphQL-2.0 is enabled. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: Jazz Foundation, IBM Engineering Test Management, IBM Engineering Workflow Management
## Vulnerability Details
Refer to the security bulletin(s) listed in the Remediation/Fixes section
## Affected Products and Versions
Affected Product(s)| Version(s)
—|—
Jazz Foundation| 7, 7.0.1, 7.0.2
IBM Engineering Test Management| 7.0.1, 7.0.2
IBM Engineering Workflow Management
## Remediation/Fixes
CVE-2023-28867 may affect IBM® Engineering Lifecycle Engineering product mentioned above, which uses IBM WebSphere Application Server Liberty.
Versions Affected: 17.0.0.3 – 23.0.0.5
Liberty features impacted: mpGraphQL-1.0, mpGraphQL-2.0
If any of the mentioned affected product is deployed on one of the above versions, Please follow the instruction given in the following article.
Link:
## Workarounds and Mitigations
None