CVE-2023-34149
PUBLISHED
CVSS 8.7 HIGH
Multiple vulnerabilities exist in Apache Struts due to improper validation of user input. An attacker can exploit this to cause Struts to consume memory, resulting in a denial-of-service condition.
EPSS 0.07% · 20.8th percentile
Risk Scores
CVSS 4.0
8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS Score
0.07%
20.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| IBM | IBM Security Guardium | 11.4 |
| IBM | IBM Security Guardium | 11.3 |
| EMC | EMC Avamar | |
| IBM | IBM InfoSphere Guardium | |
| IBM | IBM Security Guardium | 11.5 |
| IBM | IBM QRadar SIEM | <7.5.0 UP7 |
| IBM | IBM QRadar SIEM | <7.5.0 UP13 |
| IBM | IBM QRadar SIEM | 7.5 |
| IBM | IBM Tivoli Netcool/OMNIbus | <8.1.0 FP32 |
Exploit Intelligence
- cve-2023-22527-yara.yar (github-yara)
Timeline
- Jun 13, 2023 CVE Published
- Jun 14, 2023 EPSS Score
- Jul 20, 2023 EPSS Score
- Sep 29, 2023 EPSS Score
- Nov 3, 2023 EPSS Score
- Dec 9, 2023 EPSS Score
- Jan 13, 2024 EPSS Score
- Feb 8, 2024 PoC Published
- Mar 24, 2024 EPSS Score
- Apr 29, 2024 EPSS Score
- Jun 4, 2024 EPSS Score
- Jun 25, 2024 CVE Updated
References
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1455.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1455 advisory
- https://cwiki.apache.org/confluence/display/WW/S2-063 advisory
- https://cwiki.apache.org/confluence/display/WW/S2-064 advisory
- https://www.ibm.com/support/pages/node/7033228 advisory
- https://www.ibm.com/support/pages/node/7068197 advisory
- https://www.ibm.com/support/pages/node/7069237 advisory
- https://www.dell.com/support/kbdoc/de-de/000226407/dsa-2024-280-security-update-for-dell-avamar-and-dell-avamar-virtual-edition-multiple-security-vulnerabilities advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2625.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2625 advisory
- https://www.ibm.com/support/pages/node/7049133 advisory
- https://www.ibm.com/support/pages/node/7165686 advisory
- https://www.ibm.com/support/pages/node/7241589 advisory