IBM SDK Vulnerable to Denial of Service Attack

CVE-2023-38264

5.9MEDIUM

Key Information

Vendor: IBM
Status: Sdk, Java Technology Edition
Vendor: Published:; 14 May 2024

Summary

The IBM SDK, Java Technology Edition's Object Request Broker (ORB) 7.1.0.0 through 7.1.5.21 and 8.0.0.0 through 8.0.8.21 is vulnerable to a denial of service attack in some circumstances due to improper enforcement of the JEP 290 MaxRef and MaxDepth deserialization filters. IBM X-Force ID: 260578.

Affected Version(s)

SDK, Java Technology Edition <= 7.1.5.21

SDK, Java Technology Edition <= 8.0.8.21

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

NONE

Integrity:

NONE

Availability:

HIGH

Attack Complexity:

HIGH

Privileges Required:

NONE

User Interaction:

NONE

Scope:

UNCHANGED

Timeline

Vulnerability published.
May 14, 2024
Vulnerability Reserved.
Jul 14, 2023

Collectors

NVD DatabaseMitre Database