API Security Blog

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server Liberty is vulnerable to GraphQL – CVE-2023-28867

## Summary

There is a vulnerability in the GraphQL Java library used by IBM WebSphere Application Server Liberty when the mpGraphQL-1.0 or mpGraphQL-2.0 feature is enabled. The following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, which is addressed in this bulletin: Jazz Foundation, IBM Engineering Test Management, and IBM Engineering Workflow Management.

## Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section.

## Affected Products and Versions

Affected Product(s)| Version(s)
---|---
Jazz Foundation| 7, 7.0.1, 7.0.2
IBM Engineering Test Management| 7.0.1, 7.0.2
IBM Engineering Workflow Management|

## Remediation/Fixes

CVE-2023-28867 may affect the IBM® Engineering Lifecycle Engineering products mentioned above, which use IBM WebSphere Application Server Liberty.

Versions Affected: 17.0.0.3 – 23.0.0.5
Liberty features impacted: mpGraphQL-1.0, mpGraphQL-2.0
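
One way to check a deployment against the version range and features above, as an added example that is not part of the original bulletin or IBM's own tooling. It assumes the range is inclusive at both ends and that features are declared in `server.xml` under `featureManager`; the function names and sample configurations are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Version range and features as stated in the bulletin (range assumed inclusive).
AFFECTED_MIN = (17, 0, 0, 3)
AFFECTED_MAX = (23, 0, 0, 5)
IMPACTED_FEATURES = {"mpgraphql-1.0", "mpgraphql-2.0"}


def parse_version(text):
    """Turn a Liberty version string such as '23.0.0.5' into a tuple of ints."""
    parts = tuple(int(p) for p in text.strip().split("."))
    if len(parts) != 4:
        raise ValueError(f"expected four numeric fields, got {text!r}")
    return parts


def impacted_features(server_xml):
    """Return the impacted features enabled in one server.xml document (string)."""
    root = ET.fromstring(server_xml)
    found = set()
    for feature in root.iterfind("./featureManager/feature"):
        name = (feature.text or "").strip()
        # Compare case-insensitively so a differently cased entry is not missed.
        if name.lower() in IMPACTED_FEATURES:
            found.add(name)
    return sorted(found)


def is_exposed(version, server_xml):
    """True when the version is in range AND an impacted feature is enabled."""
    in_range = AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX
    return in_range and bool(impacted_features(server_xml))


# Constructed sample configurations (not taken from any real deployment).
SAMPLE_WITH_GRAPHQL = """<server description="constructed sample">
  <featureManager>
    <feature>servlet-4.0</feature>
    <feature>mpGraphQL-1.0</feature>
  </featureManager>
</server>"""
SAMPLE_WITHOUT_GRAPHQL = """<server description="constructed sample">
  <featureManager><feature>servlet-4.0</feature></featureManager>
</server>"""

if __name__ == "__main__":
    for ver in ("23.0.0.5", "23.0.0.6"):
        print(ver, is_exposed(ver, SAMPLE_WITH_GRAPHQL), is_exposed(ver, SAMPLE_WITHOUT_GRAPHQL))
```

The check reads a single `server.xml` and does not follow `<include>` elements or `configDropins`, so run it over every configuration file the server loads.
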

If any of the affected products mentioned above is deployed on one of the above versions, please follow the instructions given in the following article.

Link:

## Workarounds and Mitigations

None
