{
  "document" : {
    "aggregate_severity" : {
      "text" : "mittel"
    },
    "category" : "csaf_base",
    "csaf_version" : "2.0",
    "distribution" : {
      "tlp" : {
        "label" : "WHITE",
        "url" : "https://www.first.org/tlp/"
      }
    },
    "lang" : "de-DE",
    "notes" : [ {
      "category" : "legal_disclaimer",
      "text" : "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen."
    }, {
      "category" : "description",
      "text" : "IBM WebSphere Application Server ist ein J2EE-Applikationsserver.",
      "title" : "Produktbeschreibung"
    }, {
      "category" : "summary",
      "text" : "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in IBM WebSphere Application Server ausnutzen, um einen Denial of Service Angriff durchzuführen.",
      "title" : "Angriff"
    }, {
      "category" : "general",
      "text" : "- UNIX\n- Linux\n- MacOS X\n- Windows\n- Sonstiges",
      "title" : "Betroffene Betriebssysteme"
    } ],
    "publisher" : {
      "category" : "other",
      "contact_details" : "csaf-provider@cert-bund.de",
      "name" : "Bundesamt für Sicherheit in der Informationstechnik",
      "namespace" : "https://www.bsi.bund.de"
    },
    "references" : [ {
      "category" : "self",
      "summary" : "WID-SEC-W-2023-2065 - CSAF Version",
      "url" : "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2065.json"
    }, {
      "category" : "self",
      "summary" : "WID-SEC-2023-2065 - Portal Version",
      "url" : "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2065"
    }, {
      "category" : "external",
      "summary" : "IBM Security Bulletin 7030458 vom 2023-09-04",
      "url" : "https://www.ibm.com/support/pages/node/7030458"
    }, {
      "category" : "external",
      "summary" : "IBM Security Bulletin: 7027509 vom 2023-08-15",
      "url" : "https://www.ibm.com/support/pages/node/7027509"
    } ],
    "source_lang" : "en-US",
    "title" : "IBM WebSphere Application Server: Schwachstelle ermöglicht Denial of Service",
    "tracking" : {
      "current_release_date" : "2023-09-04T22:00:00.000+00:00",
      "generator" : {
        "date" : "2024-08-15T17:57:06.025+00:00",
        "engine" : {
          "name" : "BSI-WID",
          "version" : "1.3.5"
        }
      },
      "id" : "WID-SEC-W-2023-2065",
      "initial_release_date" : "2023-08-15T22:00:00.000+00:00",
      "revision_history" : [ {
        "date" : "2023-08-15T22:00:00.000+00:00",
        "number" : "1",
        "summary" : "Initiale Fassung"
      }, {
        "date" : "2023-09-04T22:00:00.000+00:00",
        "number" : "2",
        "summary" : "Neue Updates von IBM aufgenommen"
      } ],
      "status" : "final",
      "version" : "2"
    }
  },
  "product_tree" : {
    "branches" : [ {
      "branches" : [ {
        "branches" : [ {
          "category" : "product_name",
          "name" : "IBM Business Automation Workflow traditional",
          "product" : {
            "name" : "IBM Business Automation Workflow traditional",
            "product_id" : "T024465",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:ibm:business_automation_workflow:traditional"
            }
          }
        }, {
          "category" : "product_name",
          "name" : "IBM Business Automation Workflow enterprise service bus",
          "product" : {
            "name" : "IBM Business Automation Workflow enterprise service bus",
            "product_id" : "T029707",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:ibm:business_automation_workflow:enterprise_service_bus"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "Business Automation Workflow"
      }, {
        "category" : "product_name",
        "name" : "IBM WebSphere Application Server < Liberty 23.0.0.8",
        "product" : {
          "name" : "IBM WebSphere Application Server < Liberty 23.0.0.8",
          "product_id" : "T029320",
          "product_identification_helper" : {
            "cpe" : "cpe:/a:ibm:websphere_application_server:liberty_23.0.0.8"
          }
        }
      } ],
      "category" : "vendor",
      "name" : "IBM"
    } ]
  },
  "vulnerabilities" : [ {
    "cve" : "CVE-2023-38737",
    "notes" : [ {
      "category" : "description",
      "text" : "Es existiert eine Schwachstelle in IBM WebSphere Application Server. Durch das Senden eines speziellen Befehls wird der Speicherverbrauch erhöht. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service Zustand herbeizuführen."
    } ],
    "product_status" : {
      "known_affected" : [ "T029707", "T024465" ]
    },
    "release_date" : "2023-08-15T22:00:00.000+00:00",
    "title" : "CVE-2023-38737"
  } ]
}