CVE-2023-34462 — Vulnetix

Try Vulnetix Request Demo

CVE-2023-34462 PUBLISHED CVSS 8.699999809265137 HIGH

Es bestehen mehrere Schwachstellen in IBM QRadar SIEM. Diese Fehler existieren in mehreren Komponenten wie Google Guava, protobuf-java oder Netty, unter anderem wegen mehrerer sicherheitsrelevanter Probleme wie einer unkontrollierten Rekursion, einem stapelbasierten Pufferüberlauf oder einer unzulässigen Autorisierung und mehr. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen offenzulegen oder einen Spoofing-Angriff durchzuführen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzerinteraktion erforderlich.

EPSS 1.00% · 76.8th percentile

Risk Scores

CVSS v4.0

8.699999809265137

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS Score

1.00%

76.8th percentile

Affected Products

Vendor	Product	Versions
Dell	Dell ECS <3.8.1.0
NetApp	NetApp ActiveIQ Unified Manager
Oracle	Oracle Utilities Applications 4.4.0.2.0
Oracle	Oracle Communications Applications <= 6.0.3
Oracle	Oracle Utilities Applications 4.5.0.1.3
Oracle	Oracle Communications 7.2.0.0.0
Oracle	Oracle Financial Services Applications <= 11.8
Oracle	Oracle Communications Applications 6.3.1.0.0
Red Hat	Red Hat Integration Service Registry 1
Oracle	Oracle Utilities Applications 2.5.0.2
Oracle	Oracle Financial Services Applications 21.1
Oracle	Oracle Communications 9.0.0.0
Oracle	Oracle Communications <= 23.2.4
Oracle	Oracle Communications 8.6.0.0
Oracle	Oracle Financial Services Applications 19.1
Oracle	Oracle Financial Services Applications <= 14.3
Red Hat	Red Hat Integration Camel Extensions for Quarkus 1
Oracle	Oracle Financial Services Applications 11.10
Oracle	Oracle Communications 23.1.0.0
Oracle	Oracle Communications <= 9.2

…and 72 more

Timeline

Jun 20, 2023 CVE Published
Jun 23, 2023 EPSS Score
Jul 28, 2023 EPSS Score
Aug 31, 2023 EPSS Score
Nov 9, 2023 EPSS Score
Dec 13, 2023 EPSS Score
Jan 17, 2024 EPSS Score
Feb 8, 2024 PoC Published
Feb 21, 2024 EPSS Score
Mar 26, 2024 EPSS Score
Jun 4, 2024 EPSS Score
Jul 8, 2024 EPSS Score

References

https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1961.json advisory
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1961 advisory
https://access.redhat.com/errata/RHSA-2023:5441 advisory
https://security.netapp.com/advisory/ntap-20230803-0001/ advisory
https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2518.json advisory
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2518 advisory
https://security.netapp.com/advisory/ntap-20240125-0004/ advisory
https://access.redhat.com/errata/RHSA-2024:0148 advisory
https://access.redhat.com/errata/RHSA-2024:1192 advisory
https://access.redhat.com/errata/RHSA-2024:1193 advisory
https://access.redhat.com/errata/RHSA-2024:1194 advisory
https://www.ibm.com/support/pages/node/7108821 advisory
https://access.redhat.com/errata/RHSA-2023:5396 advisory
https://github.com/FasterXML/jackson-databind/issues/3972 advisory
https://access.redhat.com/errata/RHSA-2023:5484 advisory
https://access.redhat.com/errata/RHSA-2023:5488 advisory
https://access.redhat.com/errata/RHSA-2023:5486 advisory
https://access.redhat.com/errata/RHSA-2023:5485 advisory
https://access.redhat.com/errata/RHSA-2023:5946 advisory
https://access.redhat.com/errata/RHSA-2023:7641 advisory

…and 71 more

Open in Interactive Console →