cvelistv5 - cve-2023-32331

CVE-2023-32331 (GCVE-0-2023-32331)

Vulnerability from cvelistv5

Published

2024-03-04 18:38

Modified

2024-08-02 15:10

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Summary

IBM Connect:Express for UNIX 1.5.0 is vulnerable to a buffer overflow that could allow a remote attacker to cause a denial of service through its browser UI. IBM X-Force ID: 254979.

References

URL

Tags

psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/254979	Third Party Advisory
psirt@us.ibm.com	https://www.ibm.com/support/pages/node/7011443	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/254979	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.ibm.com/support/pages/node/7011443	Vendor Advisory

Impacted products

	Vendor	Product	Version
	IBM	Sterling Connect:Express for UNIX	Version: 1.5.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-32331",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-05T16:07:50.307756Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:26:18.338Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T15:10:24.878Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/7011443"
          },
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/254979"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Sterling Connect:Express for UNIX",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "1.5.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM Connect:Express for UNIX 1.5.0 is vulnerable to a buffer overflow that could allow a remote attacker to cause a denial of service through its browser UI.  IBM X-Force ID:  254979."
            }
          ],
          "value": "IBM Connect:Express for UNIX 1.5.0 is vulnerable to a buffer overflow that could allow a remote attacker to cause a denial of service through its browser UI.  IBM X-Force ID:  254979."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-04T18:38:46.392Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7011443"
        },
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/254979"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Connect:Express for UNIX denial of service",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2023-32331",
    "datePublished": "2024-03-04T18:38:46.392Z",
    "dateReserved": "2023-05-08T18:32:34.088Z",
    "dateUpdated": "2024-08-02T15:10:24.878Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-32331\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2024-03-04T19:15:18.893\",\"lastModified\":\"2025-01-31T16:27:03.070\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"IBM Connect:Express for UNIX 1.5.0 is vulnerable to a buffer overflow that could allow a remote attacker to cause a denial of service through its browser UI.  IBM X-Force ID:  254979.\"},{\"lang\":\"es\",\"value\":\"IBM Connect:Express para UNIX 1.5.0 es vulnerable a un desbordamiento de b\u00fafer que podr\u00eda permitir a un atacante remoto provocar una denegaci\u00f3n de servicio a trav\u00e9s de la interfaz de usuario de su navegador. ID de IBM X-Force: 254979. \"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-120\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:sterling_connect\\\\:express_for_unix:1.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24545106-7869-4D03-A35A-35797C8E4510\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E492C463-D76E-49B7-A4D4-3B499E422D89\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"91F372EA-3A78-4703-A457-751B2C98D796\"}]}]}],\"references\":[{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/254979\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.ibm.com/support/pages/node/7011443\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/254979\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.ibm.com/support/pages/node/7011443\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"affected\": [{\"defaultStatus\": \"unaffected\", \"product\": \"Sterling Connect:Express for UNIX\", \"vendor\": \"IBM\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.5.0\"}]}], \"descriptions\": [{\"lang\": \"en\", \"supportingMedia\": [{\"base64\": false, \"type\": \"text/html\", \"value\": \"IBM Connect:Express for UNIX 1.5.0 is vulnerable to a buffer overflow that could allow a remote attacker to cause a denial of service through its browser UI.  IBM X-Force ID:  254979.\"}], \"value\": \"IBM Connect:Express for UNIX 1.5.0 is vulnerable to a buffer overflow that could allow a remote attacker to cause a denial of service through its browser UI.  IBM X-Force ID:  254979.\"}], \"metrics\": [{\"cvssV3_1\": {\"attackComplexity\": \"LOW\", \"attackVector\": \"NETWORK\", \"availabilityImpact\": \"HIGH\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"scope\": \"UNCHANGED\", \"userInteraction\": \"NONE\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"version\": \"3.1\"}, \"format\": \"CVSS\", \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-119\", \"description\": \"CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer\", \"lang\": \"en\", \"type\": \"CWE\"}]}], \"providerMetadata\": {\"orgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"shortName\": \"ibm\", \"dateUpdated\": \"2024-03-04T18:38:46.392Z\"}, \"references\": [{\"tags\": [\"vendor-advisory\"], \"url\": \"https://www.ibm.com/support/pages/node/7011443\"}, {\"tags\": [\"vdb-entry\"], \"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/254979\"}], \"source\": {\"discovery\": \"UNKNOWN\"}, \"title\": \"IBM Connect:Express for UNIX denial of service\", \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}}, \"adp\": [{\"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-32331\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-03-05T16:07:50.307756Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-23T19:01:15.349Z\"}, \"title\": \"CISA ADP Vulnrichment\"}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-32331\", \"assignerOrgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"ibm\", \"dateReserved\": \"2023-05-08T18:32:34.088Z\", \"datePublished\": \"2024-03-04T18:38:46.392Z\", \"dateUpdated\": \"2024-06-04T17:26:18.338Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

gsd-2023-32331

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

IBM Connect:Express for UNIX 1.5.0 is vulnerable to a buffer overflow that could allow a remote attacker to cause a denial of service through its browser UI. IBM X-Force ID: 254979.

Aliases

CVE-2023-32331

Aliases

CVE-2023-32331

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-32331",
    "id": "GSD-2023-32331"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-32331"
      ],
      "details": "IBM Connect:Express for UNIX 1.5.0 is vulnerable to a buffer overflow that could allow a remote attacker to cause a denial of service through its browser UI.  IBM X-Force ID:  254979.",
      "id": "GSD-2023-32331",
      "modified": "2023-12-13T01:20:23.516929Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@us.ibm.com",
        "ID": "CVE-2023-32331",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Sterling Connect:Express for UNIX",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "1.5.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "IBM"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "IBM Connect:Express for UNIX 1.5.0 is vulnerable to a buffer overflow that could allow a remote attacker to cause a denial of service through its browser UI.  IBM X-Force ID:  254979."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-119",
                "lang": "eng",
                "value": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.ibm.com/support/pages/node/7011443",
            "refsource": "MISC",
            "url": "https://www.ibm.com/support/pages/node/7011443"
          },
          {
            "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/254979",
            "refsource": "MISC",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/254979"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "descriptions": [
          {
            "lang": "en",
            "value": "IBM Connect:Express for UNIX 1.5.0 is vulnerable to a buffer overflow that could allow a remote attacker to cause a denial of service through its browser UI.  IBM X-Force ID:  254979."
          },
          {
            "lang": "es",
            "value": "IBM Connect:Express para UNIX 1.5.0 es vulnerable a un desbordamiento de b\u00fafer que podr\u00eda permitir a un atacante remoto provocar una denegaci\u00f3n de servicio a trav\u00e9s de la interfaz de usuario de su navegador. ID de IBM X-Force: 254979. "
          }
        ],
        "id": "CVE-2023-32331",
        "lastModified": "2024-03-05T13:41:01.900",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 3.6,
              "source": "psirt@us.ibm.com",
              "type": "Secondary"
            }
          ]
        },
        "published": "2024-03-04T19:15:18.893",
        "references": [
          {
            "source": "psirt@us.ibm.com",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/254979"
          },
          {
            "source": "psirt@us.ibm.com",
            "url": "https://www.ibm.com/support/pages/node/7011443"
          }
        ],
        "sourceIdentifier": "psirt@us.ibm.com",
        "vulnStatus": "Awaiting Analysis",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-119"
              }
            ],
            "source": "psirt@us.ibm.com",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

cnvd-2024-12703

Vulnerability from cnvd

Title

IBM Sterling Connect:Express for UNIX缓冲区溢出漏洞

Description

IBM Sterling Connect:Express for UNIX是美国国际商业机器（IBM）公司的一套适用于UNIX平台的文件传输解决方案。 IBM Sterling Connect:Express for UNIX 1.5.0版本存在缓冲区溢出漏洞，该漏洞源于程序未能正确验证输入数据的长度大小，远程攻击者可利用该漏洞通过浏览器UI造成拒绝服务。

Severity

高

Patch Name

IBM Sterling Connect:Express for UNIX缓冲区溢出漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.ibm.com/support/pages/node/7011443

Reference

https://nvd.nist.gov/vuln/detail/CVE-2023-32331

Impacted products

Name
IBM IBM Sterling Connect:Express for UNIX 1.5.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2023-32331",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2023-32331"
    }
  },
  "description": "IBM Sterling Connect:Express for UNIX\u662f\u7f8e\u56fd\u56fd\u9645\u5546\u4e1a\u673a\u5668\uff08IBM\uff09\u516c\u53f8\u7684\u4e00\u5957\u9002\u7528\u4e8eUNIX\u5e73\u53f0\u7684\u6587\u4ef6\u4f20\u8f93\u89e3\u51b3\u65b9\u6848\u3002\n\nIBM Sterling Connect:Express for UNIX 1.5.0\u7248\u672c\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u9a8c\u8bc1\u8f93\u5165\u6570\u636e\u7684\u957f\u5ea6\u5927\u5c0f\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u6d4f\u89c8\u5668UI\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.ibm.com/support/pages/node/7011443",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-12703",
  "openTime": "2024-03-13",
  "patchDescription": "IBM Sterling Connect:Express for UNIX\u662f\u7f8e\u56fd\u56fd\u9645\u5546\u4e1a\u673a\u5668\uff08IBM\uff09\u516c\u53f8\u7684\u4e00\u5957\u9002\u7528\u4e8eUNIX\u5e73\u53f0\u7684\u6587\u4ef6\u4f20\u8f93\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nIBM Sterling Connect:Express for UNIX 1.5.0\u7248\u672c\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u9a8c\u8bc1\u8f93\u5165\u6570\u636e\u7684\u957f\u5ea6\u5927\u5c0f\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u6d4f\u89c8\u5668UI\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "IBM Sterling Connect:Express for UNIX\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "IBM IBM Sterling Connect:Express for UNIX 1.5.0"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2023-32331",
  "serverity": "\u9ad8",
  "submitTime": "2024-03-06",
  "title": "IBM Sterling Connect:Express for UNIX\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et une exécution de code arbitraire.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	Sterling Connect:Direct	IBM Sterling Connect:Direct pour UNIX versions 6.1.0.x antérieures à 6.1.0.4.iFix088
IBM	Sterling Connect:Direct	IBM Sterling Connect:Direct pour UNIX versions 6.3.0.x antérieures à 6.3.0.0.iFix011
IBM	Db2	IBM Db2 versions 10.5.x.x antérieures à 10.5 FP11 sans le dernier correctif temporaire
IBM	Sterling Connect:Direct	IBM Sterling Connect:Direct FTP+ versions 1.3.x antérieures à 1.3.0.iFix024
IBM	Db2	IBM Db2 versions 11.5.x antérieures à 11.5.7 sans le dernier correctif temporaire
IBM	Sterling Connect:Direct	IBM Sterling Connect:Direct pour UNIX versions 6.2.0.x antérieures à 6.2.0.6.iFix024
IBM	Db2	IBM Db2 versions 11.5.x antérieures à 11.5.8 sans le dernier correctif temporaire
IBM	Db2	IBM Db2 versions 11.1.4.x antérieures à 11.1.4 FP7 sans le dernier correctif temporaire
IBM	Sterling	IBM Sterling Connect:Express pour UNIX version 1.5
IBM	Sterling Connect:Direct	IBM Sterling Connect:Direct pour UNIX versions 6.0.0x. antérieures à 6.0.0.2.iFix152

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7011443 du 12 juillet 2023	None	vendor-advisory
Bulletin de sécurité IBM 7011409 du 12 juillet 2023	None	vendor-advisory
Bulletin de sécurité IBM 7011405 du 12 juillet 2023	None	vendor-advisory
Bulletin de sécurité IBM 7010557 du 12 juillet 2023	None	vendor-advisory
Bulletin de sécurité IBM du 07 juillet 2023	-	other
Bulletin de sécurité IBM du 07 juillet 2023	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Sterling Connect:Direct pour UNIX versions 6.1.0.x ant\u00e9rieures \u00e0 6.1.0.4.iFix088",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Connect:Direct pour UNIX versions 6.3.0.x ant\u00e9rieures \u00e0 6.3.0.0.iFix011",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Db2 versions 10.5.x.x ant\u00e9rieures \u00e0 10.5 FP11 sans le dernier correctif temporaire",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Connect:Direct FTP+ versions 1.3.x ant\u00e9rieures \u00e0 1.3.0.iFix024",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Db2 versions 11.5.x ant\u00e9rieures \u00e0 11.5.7 sans le dernier correctif temporaire",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Connect:Direct pour UNIX versions 6.2.0.x ant\u00e9rieures \u00e0 6.2.0.6.iFix024",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Db2 versions 11.5.x ant\u00e9rieures \u00e0 11.5.8 sans le dernier correctif temporaire",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Db2 versions 11.1.4.x ant\u00e9rieures \u00e0 11.1.4 FP7 sans le dernier correctif temporaire",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Connect:Express pour UNIX version 1.5",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Connect:Direct pour UNIX versions 6.0.0x. ant\u00e9rieures \u00e0 6.0.0.2.iFix152",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-21938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
    },
    {
      "name": "CVE-2023-21954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
    },
    {
      "name": "CVE-2023-21939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
    },
    {
      "name": "CVE-2023-30431",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30431"
    },
    {
      "name": "CVE-2023-30443",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30443"
    },
    {
      "name": "CVE-2023-30446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30446"
    },
    {
      "name": "CVE-2023-30445",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30445"
    },
    {
      "name": "CVE-2023-30447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30447"
    },
    {
      "name": "CVE-2023-32331",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32331"
    },
    {
      "name": "CVE-2023-21937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
    },
    {
      "name": "CVE-2023-30448",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30448"
    },
    {
      "name": "CVE-2023-2597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2597"
    },
    {
      "name": "CVE-2023-27558",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27558"
    },
    {
      "name": "CVE-2023-30449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30449"
    },
    {
      "name": "CVE-2023-21968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
    },
    {
      "name": "CVE-2023-21930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
    },
    {
      "name": "CVE-2023-21967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
    }
  ],
  "initial_release_date": "2023-07-13T00:00:00",
  "last_revision_date": "2023-07-13T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM du 07 juillet 2023",
      "url": "https://www.ibm.com/support/pages/node/7010565"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM du 07 juillet 2023",
      "url": "https://www.ibm.com/support/pages/node/7010571"
    }
  ],
  "reference": "CERTFR-2023-AVI-0541",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-07-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une ex\u00e9cution de code\narbitraire.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7011443 du 12 juillet 2023",
      "url": "https://www.ibm.com/support/pages/node/7011443"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7011409 du 12 juillet 2023",
      "url": "https://www.ibm.com/support/pages/node/7011409"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7011405 du 12 juillet 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7010557 du 12 juillet 2023",
      "url": "https://www.ibm.com/support/pages/node/7010557"
    }
  ]
}

ghsa-3pfw-5ffm-ww42

Vulnerability from github

Published

2024-03-04 21:31

Modified

2024-03-04 21:31

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

IBM Connect:Express for UNIX 1.5.0 is vulnerable to a buffer overflow that could allow a remote attacker to cause a denial of service through its browser UI. IBM X-Force ID: 254979.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-32331"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119",
      "CWE-120"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-04T19:15:18Z",
    "severity": "HIGH"
  },
  "details": "IBM Connect:Express for UNIX 1.5.0 is vulnerable to a buffer overflow that could allow a remote attacker to cause a denial of service through its browser UI.  IBM X-Force ID:  254979.",
  "id": "GHSA-3pfw-5ffm-ww42",
  "modified": "2024-03-04T21:31:11Z",
  "published": "2024-03-04T21:31:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32331"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/254979"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7011443"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

fkie_cve-2023-32331

Vulnerability from fkie_nvd

Published

2024-03-04 19:15

Modified

2025-01-31 16:27

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

IBM Connect:Express for UNIX 1.5.0 is vulnerable to a buffer overflow that could allow a remote attacker to cause a denial of service through its browser UI. IBM X-Force ID: 254979.

References

URL	Tags
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/254979	Third Party Advisory
psirt@us.ibm.com	https://www.ibm.com/support/pages/node/7011443	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/254979	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.ibm.com/support/pages/node/7011443	Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	sterling_connect\	express_for_unix
ibm	aix	-
linux	linux_kernel	-
oracle	solaris	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:sterling_connect\\:express_for_unix:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "24545106-7869-4D03-A35A-35797C8E4510",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "91F372EA-3A78-4703-A457-751B2C98D796",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Connect:Express for UNIX 1.5.0 is vulnerable to a buffer overflow that could allow a remote attacker to cause a denial of service through its browser UI.  IBM X-Force ID:  254979."
    },
    {
      "lang": "es",
      "value": "IBM Connect:Express para UNIX 1.5.0 es vulnerable a un desbordamiento de b\u00fafer que podr\u00eda permitir a un atacante remoto provocar una denegaci\u00f3n de servicio a trav\u00e9s de la interfaz de usuario de su navegador. ID de IBM X-Force: 254979. "
    }
  ],
  "id": "CVE-2023-32331",
  "lastModified": "2025-01-31T16:27:03.070",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-03-04T19:15:18.893",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/254979"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7011443"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/254979"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7011443"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "psirt@us.ibm.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2023-32331 (GCVE-0-2023-32331)

Vulnerability from cvelistv5

gsd-2023-32331

Vulnerability from gsd

cnvd-2024-12703

Vulnerability from cnvd

CERTFR-2023-AVI-0541

Vulnerability from certfr_avis

Solution

ghsa-3pfw-5ffm-ww42

Vulnerability from github

fkie_cve-2023-32331

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature