Summary

A vulnerability in Connect2id Nimbus-JOSE-JWT, which is used by the JDBC driver in InfoSphere Information Server, was addressed.

Vulnerability Details

CVEID: CVE-2023-52428
DESCRIPTION: Connect2id Nimbus-JOSE-JWT is vulnerable to a denial of service, caused by improper validation of user requests by the PasswordBasedDecrypter (PBKDF2) component. By sending a specially crafted request using a large JWE p2c header, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/284044 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) | Version(s)
---|---
InfoSphere Information Server | 11.7

Remediation/Fixes

Product | VRMF | APAR | Remediation
---|---|---|---
InfoSphere Information Server, InfoSphere Information Server on Cloud | 11.7 | DT392502 | Apply IBM InfoSphere Information Server version 11.7.1.0; apply InfoSphere Information Server version 11.7.1.5; apply InfoSphere Information Server Framework security patch

Workarounds and Mitigations
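One way to enforce the same control at the application boundary while the patch is rolled out, as an added example that is not IBM's or Connect2id's code: decode only the JWE protected header and reject PBES2 tokens whose p2c exceeds a cap before any PBKDF2 work starts. The cap value, the helper names and the sample JWE are assumptions constructed for this example.

```python
import base64
import json

# Added example: gate the PBKDF2 iteration count ("p2c") of a JWE protected
# header before any PasswordBasedDecrypter-style work happens. The cap below
# is an assumed policy value for this example, not a figure from the bulletin.
MAX_P2C = 1_000_000

# PBES2 key-wrap algorithms from RFC 7518; only these carry a "p2c" header.
PBES2_ALGS = {"PBES2-HS256+A128KW", "PBES2-HS384+A192KW", "PBES2-HS512+A256KW"}


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def parse_jwe_header(compact: str) -> dict:
    """Decode only the protected header (first of five segments); no key
    derivation or decryption is attempted."""
    parts = compact.split(".")
    if len(parts) != 5:
        raise ValueError("not a JWE compact serialization")
    return json.loads(_b64url_decode(parts[0]))


def p2c_is_acceptable(header: dict, max_p2c: int = MAX_P2C) -> bool:
    """True if the header may be passed on to a PBES2 decrypter.
    Headers that do not use PBES2 are not subject to this check."""
    if header.get("alg") not in PBES2_ALGS:
        return True
    p2c = header.get("p2c")
    # bool is a subclass of int in Python, so exclude it explicitly.
    if isinstance(p2c, bool) or not isinstance(p2c, int):
        return False
    return 1 <= p2c <= max_p2c


def make_sample_jwe(p2c: int) -> str:
    """Constructed sample: a PBES2 header plus dummy segments, enough to
    exercise the gate. The key, IV, ciphertext and tag segments are not real."""
    header = {"alg": "PBES2-HS256+A128KW", "enc": "A128GCM",
              "p2s": _b64url_encode(b"constructed-salt"), "p2c": p2c}
    head = _b64url_encode(json.dumps(header, separators=(",", ":")).encode())
    return ".".join([head, "a2V5", "aXY", "Y3Q", "dGFn"])


if __name__ == "__main__":
    for p2c in (4096, 2_000_000_000):
        hdr = parse_jwe_header(make_sample_jwe(p2c))
        print(p2c, "accepted" if p2c_is_acceptable(hdr) else "rejected")
```

Run the gate on the raw token before handing it to the library; a rejected token should be logged and dropped rather than decrypted.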
References