
Security Bulletin: IBM® Engineering Requirements Management DOORS/DWA – Vulnerabilities addressed in IBM® License Key Server

Summary

IBM Engineering Requirements Management DOORS Family is subject to multiple vulnerabilities in IBM License Key Server (LKS) Administration and Reporting Tool (ART) and Agent v9.0.

Vulnerability Details

CVEID: CVE-2022-37734
DESCRIPTION: GraphQL Java is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw. By sending a specially-crafted request using Directive overloading, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CWE: CWE-400: Uncontrolled Resource Consumption
CVSS Source: IBM X-Force
CVSS Base score: 7.5
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2022-22475
DESCRIPTION: IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 through 22.0.0.5 are vulnerable to identity spoofing by an authenticated user. IBM X-Force ID: 225603.
CWE: CWE-310: Cryptographic Issues
CVSS Source: IBM X-Force
CVSS Base score: 5
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2021-4104
DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CWE: CWE-502: Deserialization of Untrusted Data
CVSS Source: IBM X-Force
CVSS Base score: 8.1
CVSS…
