Fluid Attacks Database

Description

The IBM SDK, Java Technology Edition's Object Request Broker (ORB) is vulnerable to a denial of service attack in some circumstances due to improper enforcement of the JEP 290 MaxRef and MaxDepth deserialization filters.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel7	java-1.7.1-ibm	-	-
rpm rhel8	java-1.8.0-ibm	<1:1.8.0.8.25-1.el8_10	1:1.8.0.8.25-1.el8_10

Aliases

1. CVE-2023-382642. NVD-2023-382643. OSV-2023-38264

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.