Site icon API Security Blog

Security Bulletin: Denial of Service vulnerability affects IBM Business Automation Workflow (IBM X-Force ID 270419)

Summary IBM Business Automation Workflow is vulnerable to a Denial of Service attack. Vulnerability Details ** IBM X-Force ID: 270419 DESCRIPTION: **Enterprise Security API for Java is vulnerable to a denial of service, caused by a flaw in the HTTPUtilities.getFileUploads methods. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. CVSS Base score: 7.5 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/270419 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) Affected Products and Versions Affected Product(s)| Version(s)| Status —|—|— IBM Business Automation Workflow containers| V23.0.2 – V23.0.2-IF001 V23.0.1 all fixes V22.0.2 all fixes V22.0.1 all fixes V21.0.3 – V21.0.3-IF028 V21.0.2 all fixes V20.0.0.2 all fixes V20.0.0.1 all fixes | affected IBM Business Automation Workflow traditional| V23.0.1 – V23.0.2 V22.0.1 – V22.0.2 V21.0.1 – V21.0.3.1 V20.0.0.1 – V20.0.0.2 V19.0.0.1 – V19.0.0.3| affected For earlier and unsupported versions of the products, IBM recommends upgrading to a fixed, supported version of the product. Remediation/Fixes The recommended solution is to apply the Interim Fix (iFix) or Cumulative Fix (CF) containing APAR DT260813 as soon as practical. Affected Product(s)| Version(s)| Remediation / Fix —|—|— IBM Business Automation Workflow containers| V23.0.2| Apply 23.0.2-IF002 IBM Business Automation…Read More

Exit mobile version