Summary

A vulnerability in Enterprise Security API for Java could allow a remote attacker to cause a denial of service condition. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability.

Vulnerability Details

**IBM X-Force ID:** 270419
**DESCRIPTION:** Enterprise Security API for Java is vulnerable to a denial of service, caused by a flaw in the HTTPUtilities.getFileUploads methods. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/270419 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) | Version(s)
---|---
IBM Process Mining | 1.14.0, 1.14.1, 1.14.2, 1.14.2 IF001

Remediation/Fixes

Any open source library may be included in one or more sub-components of IBM Process Mining. Open source updates are not always synchronized across all components. The CVEs in this bulletin are specifically addressed by:

CVE/X-Force ID | Addressed in component
---|---
270419 | Process Mining

Product(s) | Version(s) number and/or range | Remediation/Fix/Instructions
---|---|---
IBM Process Mining containers | 1.14.0, 1.14.1, 1.14.2, 1.14.2 IF001 | **Install/Upgrade to version 1.14.3 Installing a Production deployment 1.** To…
Security Bulletin: Vulnerability in Enterprise Security API for Java affects IBM Process Mining – X-Force ID 270419

