Vulnerability Name:

CVE-2023-24998 (CCN-247895)

Assigned:2023-02-20
Published:2023-02-20
Updated:2023-05-30
Summary:Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the number of request parts to be processed in the file upload function. By sending a specially-crafted request with series of uploads, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS v3 Severity:7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
CVSS v2 Severity:7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2023-24998

Source: security@apache.org
Type: UNKNOWN
security@apache.org

Source: XF
Type: UNKNOWN
apache-cve202324998-dos(247895)

Source: CCN
Type: Apache Mailing List, Monday, February 20, 2023 10:55:04 AM EST
CVE-2023-24998 Apache Commons FileUpload - DoS with excessive parts

Source: security@apache.org
Type: Mailing List, Vendor Advisory
security@apache.org

Source: security@apache.org
Type: UNKNOWN
security@apache.org

Source: CCN
Type: Apache Web site
Apache Tomcat denial of service

Source: CCN
Type: IBM Security Bulletin 6962169 (WebSphere Service Registry and Repository)
Vulnerabilities in Apache Shiro (CVE-2022-40664) and Apache Commons FileUpload (CVE-2023-24998) affect IBM WebSphere Service Registry and Repository.

Source: CCN
Type: IBM Security Bulletin 6962725 (eDiscovery Manager)
Apache Commons FileUpload (Publicly disclosed vulnerability) affects IBM eDiscovery Manager (CVE-2023-24998)

Source: CCN
Type: IBM Security Bulletin 6964176 (Sterling Control Center)
IBM Sterling Control Center is vulnerable to denial of service due to Apache commons-fileupload (CVE-2023-24998)

Source: CCN
Type: IBM Security Bulletin 6964530 (Jazz for Service Management)
IBM Jazz for Service Management is vulnerable to commons-fileupload-1.4.jar (Publicly disclosed vulnerability found by Mend) (CVE-2023-24998)

Source: CCN
Type: IBM Security Bulletin 6964742 (Tivoli Netcool/OMNIbus)
Vulnerability in Apache Commons FileUpload library affect Tivoli Netcool/OMNIbus WebGUI (CVE-2023-24998)

Source: CCN
Type: IBM Security Bulletin 6964808 (Watson Explorer)
IBM Watson Explorer affected by vulnerability in Apache Commons.

Source: CCN
Type: IBM Security Bulletin 6966440 (Tivoli Netcool/Impact)
IBM Tivoli Netcool Impact is vulnerable to denial of service attack due to Apache Commons FileUpload (CVE-2023-24998)

Source: CCN
Type: IBM Security Bulletin 6966898 (Maximo Data Loader)
There is a security vulnerability in Apache Commons FileUpload and Tomcat used by IBM Maximo Data Loader (CVE-2023-24998)

Source: CCN
Type: IBM Security Bulletin 6967343 (UrbanCode Deploy)
IBM UrbanCode Deploy (UCD) is vulnerable to denial of service due to Apache Tomcat (CVE-2023-24998)

Source: CCN
Type: IBM Security Bulletin 6967877 (Cloud Pak for Business Automation)
Security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for March 2023

Source: CCN
Type: IBM Security Bulletin 6982047 (WebSphere Application Server)
IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to a denial of service due to Apache Commons FileUpload (CVE-2023-24998)

Source: CCN
Type: IBM Security Bulletin 6982387 (Watson Discovery)
IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Apache Commons

Source: CCN
Type: IBM Security Bulletin 6982881 (Operational Decision Manager)
IBM Operational Decision Manager March 2023 - CVE-2014-0114, CVE-2019-10086, CVE-2023-24998

Source: CCN
Type: IBM Security Bulletin 6984431 (App Connect Professional)
Vulnerability in Apache Tomcat affects App Connect Professional.

Source: CCN
Type: IBM Security Bulletin 6984699 (MobileFirst Foundation)
Multiple vulnerabilities found on thirdparty libraries used by IBM MobileFirst Platform

Source: CCN
Type: IBM Security Bulletin 6984969 (Security Verify Governance)
IBM Security Verify Governance is vulnerable to denial of service ( CVE-2023-24998)

Source: CCN
Type: IBM Security Bulletin 6985555 (Power HMC)
Vulnerability in Apache Commons FileUpload (CVE-2023-24998) affects Power HMC

Source: CCN
Type: IBM Security Bulletin 6985571 (Tivoli Application Dependency Discovery Manager)
A vulnerability in Apache Commons FileUpload affects IBM Tivoli Application Dependency Discovery Manager.

Source: CCN
Type: IBM Security Bulletin 6986509 (Integration Designer)
IBM Integration Designer is vulnerable to a denial of service due to commons-fileupload-1.4.jar (CVE-2023-24998)

Source: CCN
Type: IBM Security Bulletin 6987037 (Workload Scheduler)
IBM Workload Scheduler potentially affected by a vulnerability in Apache Commons FileUpload (CVE-2023-24998)

Source: CCN
Type: IBM Security Bulletin 6987085 (Cloud Pak for Business Automation)
Security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for April 2023

Source: CCN
Type: IBM Security Bulletin 6987131 (Business Automation Workflow containers)
Denial of Service vulnerability in Apache commons-fileupload may affect IBM Business Automation Workflow (CVE-2023-24998)

Source: CCN
Type: IBM Security Bulletin 6987355 (Tivoli Business Service Manager)
IBM Tivoli Business Service Manager is vulnerable to denial of service attack due to Apache Commons FileUpload (CVE-2023-24998)

Source: CCN
Type: IBM Security Bulletin 6987487 (i)
IBM WebSphere Application Server Liberty for IBM i is vulnerable to a server-side request forgery, a denial of service, an attacker obtaining sensitive information, and gaining elevated privileges due to multiple vulnerabilities.

Source: CCN
Type: IBM Security Bulletin 6987809 (Liberty for Java for Cloud)
IBM Liberty for Java for IBM Cloud is vulnerable to a denial of service due to Apache Commons FileUpload (CVE-2023-24998)

Source: CCN
Type: IBM Security Bulletin 6988571 (Process Mining)
Vulnerability in XStream affects IBM Process Mining . CVE-2023-24998

Source: CCN
Type: IBM Security Bulletin 6988603 (Voice Gateway)
Security Vulnerabilities in IBM WebSphere Liberty and xml2js affect IBM Voice Gateway

Source: CCN
Type: IBM Security Bulletin 6988645 (InfoSphere Information Server)
IBM InfoSphere Information Server is affected by a vulnerability in Apache Commons FileUpload ( CVE-2023-24998)

Source: CCN
Type: IBM Security Bulletin 6989427 (Log Analysis)
Denial of Service in Apache Commons used by WebSphere Application Server affect IBM Operations Analytics - Log Analysis (CVE-2023-24998)

Source: CCN
Type: IBM Security Bulletin 6989653 (Security Verify Access)
Multiple Security Vulnerabilities have been fixed in IBM Security Verify Access

Source: CCN
Type: IBM Security Bulletin 6995177 (CICS Transaction Gateway)
Multiple Vulnerabilities (CVE-2023-24998, CVE-2023-1436) affect CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition.

Source: CCN
Type: IBM Security Bulletin 6995501 (Cloud Application Business Insights)
Vulnerabilities in Java and IBM WebSphere Application Server Liberty affects IBM Cloud Application Business Insights - CVE-2022-41946 & CVE-2023-24998

Source: CCN
Type: IBM Security Bulletin 6997293 (MobileFirst Foundation)
IBM MobileFirst Platform is vulnerable to CVE-2023-24998

Source: CCN
Type: IBM Security Bulletin 6998653 (Spectrum Sentinel Anomaly Scan Engine)
Vulnerability in Apache Commons FileUpload may affect IBM Spectrum Sentinel Anomaly Scan Engine (CVE-2023-24998)

Source: CCN
Type: IBM Security Bulletin 6998727 (Cloud Pak for Automation)
Security vulnerabilities are addressed with IBM Cloud Pak for Business

Source: CCN
Type: IBM Security Bulletin 6998753 (Cloud Transformation Advisor)
IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6999671 (App Connect for Healthcare)
IBM App Connect for Healthcare is affected by multiple Apache vulnerabilities

Source: CCN
Type: IBM Security Bulletin 7001009 (Business Automation Workflow traditional)
Apache commons fileupload vulnerability affect embedded Case Forms in IBM Business Automation Workflow and IBM Case Manager - CVE-2023-24998

Source: CCN
Type: IBM Security Bulletin 7001287 (Business Automation Workflow containers)
Multiple vulnerabilities in IBM Java SDK and WebSphere Application Server Liberty profile affect IBM Business Automation Workflow containers

Source: CCN
Type: IBM Security Bulletin 7001571 (Sterling Partner Engagement Manager)
IBM Sterling Partner Engagement Manager is vulnerable to a denial of service due to Apache Commons FileUpload (CVE-2023-24998)

Source: CCN
Type: IBM Security Bulletin 7001851 (i Modernization Engine for Lifecycle Integration)
IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 7002043 (Watson Discovery)
IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in IBM WebSphere Application Server Liberty

Source: CCN
Type: IBM Security Bulletin 7002181 (Watson Discovery)
IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Apache Tomcat

Source: CCN
Type: IBM Security Bulletin 7002217 (Watson Explorer DAE oneWEX Components)
IBM Watson Explorer is affected by a vulnerability in IBM WebSphere Application Server Liberty (CVE-2023-24998)

Source: CCN
Type: IBM Security Bulletin 7002807 (Content Navigator)
IBM Content Navigator is vulnerable to DoS due to Apache Commons FileUpload (CVE-2023-24998)

Source: CCN
Type: IBM Security Bulletin 7003827 (Financial Transaction Manager)
Apache Commons FileUpload vulnerability affects IBM Financial Transaction Manager (CVE-2023-24998)

Source: CCN
Type: IBM Security Bulletin 7004199 (Storage Scale)
A vulnerability in IBM WebSphere Application Server Liberty affects IBM Storage Scale (CVE-2023-24998)

Source: CCN
Type: IBM Security Bulletin 7004913 (Spectrum Control)
IBM Spectrum Control is vulnerable to weakness related to Apache Commons FileUpload

Source: CCN
Type: IBM Security Bulletin 7005549 (Robotic Process Automation)
A vulnerability in WebSphere Application Server Liberty may affect IBM Robotic Process Automation and result in a denial of service (CVE-2023-24998).

Source: CCN
Type: IBM Security Bulletin 7005589 (Spectrum Protect Plus)
Vulnerabilities in Apache Commons, Tomcat, Go, libcurl, OpenSSL, Python, Node.js, and Linux can affect IBM Spectrum Protect Plus.

Source: CCN
Type: IBM Security Bulletin 7005851 (Operational Decision Manager)
IBM Operational Decision Manager June 2023 - Multiple CVEs

Source: CCN
Type: IBM Security Bulletin 7006395 (Storage Protect Operations Center)
IBM Storage Protect Operations Center is vulnerable to denial of service due to IBM WebSphere Application Server Liberty (CVE-2023-24998 )

Source: CCN
Type: IBM Security Bulletin 7006449 (DS8900F)
Vulnerabilities have been identified in OpenSSL, Apache HTTP Server and other system libraries shipped with the DS8000 Hardware Management Console (HMC)

Source: CCN
Type: IBM Security Bulletin 7007057 (InfoSphere Information Server)
IBM InfoSphere Information Server is affected by multiple vulnerabilities in Apache Tomcat (CVE-2023-28708, CVE-2023-24998)

Source: CCN
Type: IBM Security Bulletin 7007425 (MQ)
IBM MQ is affected by an issue in IBM WebSphere Application Server Liberty (CVE-2023-24998)

Source: CCN
Type: IBM Security Bulletin 7007743 (MQ Appliance)
IBM MQ Appliance is vulnerable to a denial of service (CVE-2023-24998)

Source: CCN
Type: IBM Security Bulletin 7007869 (InfoSphere Master Data Management)
Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Master Data Management

Source: CCN
Type: IBM Security Bulletin 7007893 (Watson Speech Services Cartridge for Cloud Pak for Data)
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Apache Commons FileUpload and Tomcat (CVE-2023-24998)

Source: CCN
Type: IBM Security Bulletin 7008405 (Tivoli Application Dependency Discovery Manager)
IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to Apache Commons FileUpload

Source: CCN
Type: IBM Security Bulletin 7008447 (InfoSphere Information Server)
IBM InfoSphere Information Server is affected by a denial of service vulnerability in Apache Commons FileUpload and Tomcat (CVE-2023-24998)

Source: CCN
Type: IBM Security Bulletin 7008941 (Security Verify Governance)
Multiple vulnerabilities for IBM WebSphere Application Server addressed in IBM Security Verify Governance (CVE-2022-39161, CVE-2023-24998, CVE-2023-27554)

Source: CCN
Type: IBM Security Bulletin 7009747 (Watson Knowledge Catalog on-prem)
Multiple security vulnerabilities affecting Watson Knowledge Catalog for IBM Cloud Pak for Data

Source: CCN
Type: IBM Security Bulletin 7010099 (QRadar SIEM)
IBM QRadar SIEM includes components with known vulnerabilities

Source: CCN
Type: IBM Security Bulletin 7011753 (Storage Protect)
Vulnerabilities in IBM WebSphere Application Server Liberty affect IBM Storage Protect Backup-Archive Client, IBM Storage Protect for Virtual Environments, and IBM Storage Protect for Space Management (CVE-2023-0482, CVE-2023-24998)

Source: CCN
Type: IBM Security Bulletin 7011771 (Sterling Control Center)
WebSphere denial-of-service vulnerability affects IBM Sterling Control Center (CVE-2023-24998)

Source: CCN
Type: IBM Security Bulletin 7012647 (Security Verify Governance)
IBM Security Verify Governance has multiple vulnerabilities (CVE-2022-41946, CVE-2022-46364, CVE-2023-24998)

Source: CCN
Type: IBM Security Bulletin 7012675 (Netcool Operations Insight)
Netcool Operations Insights 1.6.9 addresses multiple security vulnerabilities.

Source: CCN
Type: IBM Security Bulletin 7013897 (Business Automation Workflow traditional)
Multiple vulnerabilities affect the embedded Content Navigator in Business Automation Workflow - CVE-2023-24998, 254437

Source: CCN
Type: IBM Security Bulletin 7014245 (Maximo Application Suite)
Apache Commons FileUpload and Tomcat are vulnerable to CVE-2023-24998 used in IBM Maximo Application Suite - Monitor Component

Source: CCN
Type: IBM Security Bulletin 7014365 (Maximo Application Suite)
Apache Commons FileUpload and Apache Tomcat are vulnerable to CVE-2023-24998, CVE-2022-45143, and CVE-2023-28708 used in IBM Maximo Application Suite - Monitor Component

Source: CCN
Type: IBM Security Bulletin 7014915 (Rational Change)
Vulnerability in Rational Change 5.3.2 Fix Pack 05 and earlier versions.

Source: CCN
Type: IBM Security Bulletin 7015061 (Cloud Pak for Security)
IBM Cloud Pak for Security includes components with multiple known vulnerabilities (CVE-2023-24998 , CVE-2022-31129)

Source: CCN
Type: IBM Security Bulletin 7015811 (Cloud Pak for Data System)
Vulnerability in commons-fileupload affects IBM Cloud Pak for Data System 1.0(CPDS 1.0) [CVE-2023-24998]

Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:apache:commons_fileupload:1.4:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cics_transaction_gateway:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:ediscovery_manager:2.2.2:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:i:7.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cics_transaction_gateway:9.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_netcool/impact:7.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_netcool/omnibus:8.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:watson_explorer:11.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:urbancode_deploy:6.2:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:i:7.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:watson_explorer:11.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_master_data_management:11.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:watson_explorer:11.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_protect_plus:10.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:financial_transaction_manager:3.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:::~~liberty~~~:*:*:*:*:*
  • OR cpe:/a:ibm:watson_explorer:12.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:watson_explorer:12.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:watson_explorer:12.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_business_service_manager:6.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:jazz_for_service_management:1.1.3:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:i:7.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:watson_explorer:12.0.0.0:*:deep_analytics:*:foundational_components:*:*:*
  • OR cpe:/a:ibm:watson_explorer:12.0.1:*:deep_analytics:*:foundational_components:*:*:*
  • OR cpe:/a:ibm:watson_explorer:12.0.2.2:*:deep_analytics:*:foundational_components:*:*:*
  • OR cpe:/a:ibm:watson_explorer:12.0.0.0:*:deep_analytics:*:analytical_components:*:*:*
  • OR cpe:/a:ibm:watson_explorer:12.0.1:*:deep_analytics:*:analytical_components:*:*:*
  • OR cpe:/a:ibm:watson_explorer:12.0.2.2:*:deep_analytics:*:analytical_components:*:*:*
  • OR cpe:/a:ibm:watson_explorer:11.0.0.3:*:foundational_components:*:*:*:*:*
  • OR cpe:/a:ibm:watson_explorer:11.0.1:*:foundational_components:*:*:*:*:*
  • OR cpe:/a:ibm:watson_explorer:11.0.0.3:*:analytical_components:*:*:*:*:*
  • OR cpe:/a:ibm:watson_explorer:11.0.1:*:analytical_components:*:*:*:*:*
  • OR cpe:/a:ibm:operational_decision_manager:8.10:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:voice_gateway:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:voice_gateway:1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_transformation_advisor:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_automation:19.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:watson_explorer:11.0.0.0:*:analytical_components:*:*:*:*:*
  • OR cpe:/a:ibm:watson_explorer:11.0.2.0:*:analytical_components:*:*:*:*:*
  • OR cpe:/a:ibm:watson_explorer:11.0.0.0:*:foundational_components:*:*:*:*:*
  • OR cpe:/a:ibm:watson_explorer:11.0.2.0:*:foundational_components:*:*:*:*:*
  • OR cpe:/a:ibm:watson_explorer:12.0.3:*:deep_analytics:*:analytical_components:*:*:*
  • OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.3.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:voice_gateway:1.0.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:voice_gateway:1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:voice_gateway:1.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_automation:20.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:log_analysis:1.3.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:log_analysis:1.3.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_automation:20.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:voice_gateway:1.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_automation:20.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:case_manager:5.3:cd:*:*:*:*:*:*
  • OR cpe:/a:ibm:integration_designer:20.0.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:voice_gateway:1.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:workload_scheduler:9.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_automation:21.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_automation:21.0.2:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_automation:19.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:business_automation_workflow:20.0.0.1:-:*:*:containers:*:*:*
  • OR cpe:/a:ibm:business_automation_workflow:20.0.0.1:*:*:*:traditional:*:*:*
  • OR cpe:/a:ibm:business_automation_workflow:20.0.0.2:*:*:*:traditional:*:*:*
  • OR cpe:/a:ibm:business_automation_workflow:21.0.1:*:*:*:traditional:*:*:*
  • OR cpe:/a:ibm:business_automation_workflow:20.0.0.2:-:*:*:containers:*:*:*
  • OR cpe:/a:ibm:business_automation_workflow:21.0.3:-:*:*:containers:*:*:*
  • OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:robotic_process_automation:21.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_automation:19.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:18.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:18.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:19.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:19.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:20.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:20.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:21.0.1:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:21.0.2:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:21.0.3:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_verify_governance:10.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_verify_access:10.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_verify_access:10.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_verify_access:10.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:business_automation_workflow:21.0.2:-:*:*:containers:*:*:*
  • OR cpe:/o:ibm:i:7.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_verify_governance:10.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:business_automation_workflow:22.0.1:-:*:*:containers:*:*:*
  • OR cpe:/a:ibm:business_automation_workflow:22.0.1:*:*:*:traditional:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:22.0.1:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_security:1.10.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:business_automation_workflow:21.0.3.1:*:*:*:traditional:*:*:*
  • OR cpe:/a:ibm:content_navigator:3.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:content_navigator:3.0.12:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cics_transaction_gateway:9.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:business_automation_workflow:22.0.2:-:*:*:containers:*:*:*
  • OR cpe:/a:ibm:business_automation_workflow:22.0.2:*:*:*:traditional:*:*:*
  • OR cpe:/a:ibm:robotic_process_automation:23.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_business_automation:22.0.2:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:watson_explorer:12.0.0.0:*:deep_analytics:*:onewex_components:*:*:*
  • OR cpe:/a:ibm:watson_explorer:12.0.0.1:*:deep_analytics:*:onewex_components:*:*:*
  • OR cpe:/a:ibm:watson_explorer:12.0.1:*:deep_analytics:*:onewex_components:*:*:*
  • OR cpe:/a:ibm:watson_explorer:12.0.2.0:*:deep_analytics:*:onewex_components:*:*:*
  • OR cpe:/a:ibm:watson_explorer:12.0.2.2:*:deep_analytics:*:onewex_components:*:*:*
  • OR cpe:/a:ibm:watson_explorer:12.0.2.0:*:deep_analytics:*:analytical_components:*:*:*
  • OR cpe:/a:ibm:watson_explorer:12.0.2.0:*:deep_analytics:*:foundational_components:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:8201
    P
    		Security update for tomcat (Important)
    2023-06-13
    oval:org.opensuse.security:def:8200
    P
    		Security update for apache-commons-fileupload (Important)
    2023-06-06
    BACK
    apache commons fileupload 1.4
    ibm websphere application server 8.5
    ibm cics transaction gateway 9.0
    ibm ediscovery manager 2.2.2
    ibm i 7.2
    ibm cics transaction gateway 9.1
    ibm tivoli netcool/impact 7.1.0
    ibm tivoli netcool/omnibus 8.1.0
    ibm watson explorer 11.0.0
    ibm urbancode deploy 6.2
    ibm i 7.3
    ibm watson explorer 11.0.1
    ibm websphere application server 9.0
    ibm infosphere master data management 11.6
    ibm watson explorer 11.0.2
    ibm infosphere information server 11.7
    ibm spectrum protect plus 10.1.0
    ibm financial transaction manager 3.2.0
    ibm websphere application server
    ibm watson explorer 12.0.0
    ibm watson explorer 12.0.1
    ibm watson explorer 12.0.2
    ibm tivoli business service manager 6.2.0
    ibm jazz for service management 1.1.3
    ibm i 7.4
    ibm watson explorer 12.0.0.0
    ibm watson explorer 12.0.1
    ibm watson explorer 12.0.2.2
    ibm watson explorer 12.0.0.0
    ibm watson explorer 12.0.1
    ibm watson explorer 12.0.2.2
    ibm watson explorer 11.0.0.3
    ibm watson explorer 11.0.1
    ibm watson explorer 11.0.0.3
    ibm watson explorer 11.0.1
    ibm operational decision manager 8.10
    ibm voice gateway 1.0.2
    ibm voice gateway 1.0.3
    ibm cloud transformation advisor 2.0.1
    ibm cloud pak for automation 19.0.3
    ibm watson explorer 11.0.0.0
    ibm watson explorer 11.0.2.0
    ibm watson explorer 11.0.0.0
    ibm watson explorer 11.0.2.0
    ibm watson explorer 12.0.3
    ibm tivoli application dependency discovery manager 7.3.0.0
    ibm voice gateway 1.0.2.4
    ibm voice gateway 1.0.4
    ibm voice gateway 1.0.5
    ibm cloud pak for automation 20.0.1
    ibm log analysis 1.3.5.3
    ibm log analysis 1.3.6
    ibm cloud pak for automation 20.0.2
    ibm security verify access 10.0.0
    ibm voice gateway 1.0.6
    ibm cloud pak for automation 20.0.3
    ibm case manager 5.3 cd
    ibm integration designer 20.0.0.2
    ibm voice gateway 1.0.7
    ibm workload scheduler 9.5
    ibm cloud pak for automation 21.0.1
    ibm cloud pak for automation 21.0.2 -
    ibm cloud pak for automation 19.0.1
    ibm business automation workflow 20.0.0.1 -
    ibm business automation workflow 20.0.0.1
    ibm business automation workflow 20.0.0.2
    ibm business automation workflow 21.0.1
    ibm business automation workflow 20.0.0.2 -
    ibm business automation workflow 21.0.3 -
    ibm qradar security information and event manager 7.5.0 -
    ibm robotic process automation 21.0.0
    ibm cloud pak for automation 19.0.2
    ibm cloud pak for business automation 18.0.0
    ibm cloud pak for business automation 18.0.2
    ibm cloud pak for business automation 19.0.1
    ibm cloud pak for business automation 19.0.3
    ibm cloud pak for business automation 20.0.1
    ibm cloud pak for business automation 20.0.3
    ibm cloud pak for business automation 21.0.1 -
    ibm cloud pak for business automation 21.0.2 -
    ibm cloud pak for business automation 21.0.3 -
    ibm security verify governance 10.0.1
    ibm security verify access 10.0.1
    ibm security verify access 10.0.2
    ibm security verify access 10.0.3
    ibm business automation workflow 21.0.2 -
    ibm i 7.5
    ibm security verify governance 10.0
    ibm business automation workflow 22.0.1 -
    ibm business automation workflow 22.0.1
    ibm cloud pak for business automation 22.0.1 -
    ibm cloud pak for security 1.10.0.0
    ibm business automation workflow 21.0.3.1
    ibm content navigator 3.0.11
    ibm content navigator 3.0.12
    ibm cics transaction gateway 9.2
    ibm business automation workflow 22.0.2 -
    ibm business automation workflow 22.0.2
    ibm robotic process automation 23.0.0
    ibm cloud pak for business automation 22.0.2 -
    ibm watson explorer 12.0.0.0
    ibm watson explorer 12.0.0.1
    ibm watson explorer 12.0.1
    ibm watson explorer 12.0.2.0
    ibm watson explorer 12.0.2.2
    ibm watson explorer 12.0.2.0
    ibm watson explorer 12.0.2.0