IBM SDK Vulnerable to Denial of Service Attack
CVE-2023-38264
5.9MEDIUM
Summary
The IBM SDK, Java Technology Edition's Object Request Broker (ORB) 7.1.0.0 through 7.1.5.21 and 8.0.0.0 through 8.0.8.21 is vulnerable to a denial of service attack in some circumstances due to improper enforcement of the JEP 290 MaxRef and MaxDepth deserialization filters. IBM X-Force ID: 260578.
Affected Version(s)
SDK, Java Technology Edition <= 7.1.5.21
SDK, Java Technology Edition <= 8.0.8.21
CVSS V3.1
Score:
5.9
Severity:
MEDIUM
Confidentiality:
NONE
Integrity:
NONE
Availability:
HIGH
Attack Complexity:
HIGH
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Timeline
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database