
Eclipse Jetty: Security warning about a number of IT vulnerabilities

by admin

As the BSI reports, an IT security alert about a known Eclipse Jetty vulnerability has received an update. Here at news.de you can read which applications and products are affected by the security holes.

On May 16, 2024 the Federal Office for Information Security (BSI) published an update to a high-risk security gap in Eclipse Jetty that was first reported on July 7, 2022. The vulnerability affects the operating systems Linux, UNIX and Windows and the products IBM Maximo Asset Management, Debian Linux, IBM InfoSphere Information Server, Red Hat Enterprise Linux, IBM Integration Bus, Hitachi Ops Center, IBM QRadar SIEM, Eclipse Jetty, IBM Rational Change, JFrog Artifactory, IBM Tivoli Netcool/OMNIbus, IBM Tivoli Network Manager and IBM Spectrum Protect.

The latest manufacturer recommendations for updates, workarounds and security patches for this vulnerability can be found here: IBM Security Bulletin 7153639 (from 17 May 2024). Further useful links are listed later in this article.

Eclipse Jetty’s high risk – Risk: medium

Risk level: 3 (medium)
CVSS Base Score: 7.5
CVSS Temporal Score: 6.5
Remote attack: Yes

The Common Vulnerability Scoring System (CVSS) is used to assess the severity of vulnerabilities in computer systems. The CVSS standard makes it possible to compare potential or actual security risks on the basis of various metrics, so that a priority list for countermeasures can be drawn up. The qualitative ratings “none”, “low”, “medium”, “high” and “critical” are used to express the severity of a vulnerability. The Base Score evaluates the prerequisites of an attack (including authentication, complexity, privileges and user interaction) and its consequences. For the Temporal Score, framework conditions that can change over time are also taken into account in the assessment. According to CVSS, the present vulnerability is rated “medium” with a base score of 7.5.


Eclipse Jetty bug: Description of the attack

Eclipse Jetty is a Java HTTP server and Java servlet container.

A remote, anonymous or authenticated attacker can exploit multiple vulnerabilities in Eclipse Jetty to carry out a denial-of-service attack and to manipulate information.

Vulnerabilities are identified by unique CVE (Common Vulnerabilities and Exposures) numbers. The vulnerabilities in question are CVE-2022-2048, CVE-2022-2191 and CVE-2022-2047.

Systems affected by the security hole at a glance

Operating systems
Linux, UNIX, Windows

Products
IBM Maximo Asset Management 7.6.1.3 (cpe:/a:ibm:maximo_asset_management)
Debian Linux (cpe:/o:debian:debian_linux)
IBM InfoSphere Information Server 11.7 (cpe:/a:ibm:infosphere_information_server)
Red Hat Enterprise Linux (cpe:/o:redhat:enterprise_linux)
IBM Integration Bus (cpe:/a:ibm:integration_bus)
Hitachi Ops Center (cpe:/a:hitachi:ops_center)
IBM QRadar SIEM 7.5 (cpe:/a:ibm:qradar_siem)
Eclipse Jetty
IBM Rational Change 5.3.2.4 (cpe:/a:ibm:rational_change)
JFrog Artifactory
IBM QRadar SIEM 7.4 (cpe:/a:ibm:qradar_siem)
IBM Tivoli Netcool/OMNIbus 8.1.0 (cpe:/a:ibm:tivoli_netcool%2fomnibus)
IBM Tivoli Network Manager 4.2.0 (cpe:/a:ibm:tivoli_network_manager)
IBM Spectrum Protect

General steps for dealing with IT vulnerabilities

  1. Users of affected systems should keep them up to date. When security holes become known, manufacturers are expected to fix them quickly with a patch or a workaround. When new security updates are available, install them immediately.
  2. For further information, see the sources listed in the next section. They usually contain more details about the latest version of the software in question and about the availability of security patches or mitigation recommendations.
  3. If you have any further questions or uncertainties, please contact your responsible administrator. IT security officers should regularly check the sources named to see whether a new security update is available.
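Step 1 presupposes that you know which Jetty versions are actually deployed; Jetty is frequently embedded inside other products (several of the IBM entries above ship it), so a package manager alone will not find every copy. The following is an added example, not part of the advisory, of an inventory check that walks a directory tree, reads the version from each jetty-server jar's manifest and compares it against the fixed release of the same branch. The fixed version numbers in it are placeholders (the page does not state them; take the real values from the vendor bulletins listed under “Sources”), and the two jars it audits are constructed fixtures.

```python
import os
import re
import tempfile
import zipfile

# Fixed versions per Jetty release branch. These are PLACEHOLDERS: take the real
# values for CVE-2022-2047/2048/2191 from the vendor bulletins, not from here.
FIXED_BY_BRANCH = {(9, 4): "9.4.99", (10, 0): "10.0.99", (11, 0): "11.0.99"}

# Jetty records its version in the jar manifest, e.g. "Implementation-Version: 9.4.46.v20220331".
VERSION_RE = re.compile(r"^(?:Implementation-Version|Bundle-Version):\s*(\S+)", re.M)


def jar_version(path):
    """Return the version recorded in a jar's META-INF/MANIFEST.MF, or None."""
    with zipfile.ZipFile(path) as jar:
        try:
            manifest = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
        except KeyError:
            return None
    match = VERSION_RE.search(manifest)
    return match.group(1) if match else None


def parse_version(version):
    """'9.4.46.v20220331' -> (9, 4, 46); the date suffix does not affect ordering."""
    match = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not match:
        raise ValueError("unrecognised Jetty version: " + version)
    return tuple(int(x) for x in match.groups())


def needs_update(version, fixed_by_branch=FIXED_BY_BRANCH):
    """True if `version` is older than the fixed release of its own major.minor branch.
    Comparing across branches would be wrong (10.0.1 is newer than 9.4.99 but not
    thereby fixed), so a branch without a known fixed version is flagged for review."""
    v = parse_version(version)
    fixed = fixed_by_branch.get(v[:2])
    if fixed is None:
        return True
    return v < parse_version(fixed)


def audit(root, fixed_by_branch=FIXED_BY_BRANCH):
    """Walk `root` and return [(jar path, version, needs update)] for every jetty-server jar.
    A jar without a readable version is reported as needing attention."""
    report = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.startswith("jetty-server-") and name.endswith(".jar"):
                path = os.path.join(dirpath, name)
                version = jar_version(path)
                flagged = version is None or needs_update(version, fixed_by_branch)
                report.append((path, version, flagged))
    return sorted(report)


def make_sample_jar(directory, version):
    """Constructed fixture: a jar containing only a manifest with the given version."""
    path = os.path.join(directory, "jetty-server-%s.jar" % version)
    with zipfile.ZipFile(path, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF",
                     "Manifest-Version: 1.0\r\nImplementation-Version: %s\r\n" % version)
    return path


def demo_audit():
    """Run the audit over a temporary tree holding two constructed jars."""
    with tempfile.TemporaryDirectory() as root:
        make_sample_jar(root, "9.4.46.v20220331")   # constructed: below the placeholder fix
        make_sample_jar(root, "10.0.99")            # constructed: equals the placeholder fix
        return [(os.path.basename(p), v, flagged) for p, v, flagged in audit(root)]


if __name__ == "__main__":
    for row in demo_audit():
        print(row)
```

Run `audit("/opt")` (or wherever your application servers live) with the real fixed versions filled in; anything flagged `True` is either below its branch's fixed release, on a branch you have no fix information for, or has no readable version at all, and all three cases deserve a look rather than being silently passed.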

Sources for updates, patches and workarounds

Here you will find links with information about bug reports, security fixes and workarounds.


IBM Security Bulletin 7153639 from 2024-05-17 (16.05.2024)
IBM Security Bulletin 7082766 from 2023-11-28 (27.11.2023)
IBM Security Bulletin 7014699 from 2023-07-26 (26.07.2023)
Hitachi Software Vulnerability Information hitachi-sec-2023-117 from 2023-05-23 (22.05.2023)
IBM Security Bulletin 6965816 from 2023-03-24 (23.03.2023)
IBM Security Bulletin 6965698 from 2023-03-23 (22.03.2023)
IBM Security Bulletin 6959601 from 2023-03-02 (02.03.2023)
Red Hat Security Advisory RHSA-2023:0189 from 2023-01-17 (17.01.2023)
IBM Security Bulletin 6852233 from 2022-12-30 (01.01.2023)
Red Hat Security Advisory RHSA-2022:8652 from 2022-11-28 (28.11.2022)
IBM Security Bulletin 6831855 from 2022-10-26 (25.10.2022)
IBM Security Bulletin 6829321 from 2022-10-15 (16.10.2022)
IBM Security Bulletin 6825513 from 2022-10-01 (03.10.2022)
JFrog Fixed Security Vulnerabilities (03.10.2022)
Debian Security Advisory DLA-3079 from 2022-08-22 (21.08.2022)
Debian Security Advisory DSA-5198 from 2022-08-02 (02.08.2022)
Eclipse Jetty Security Advisory from 2022-07-07 (07.07.2022)

Version history of this security alert

This is version 16 of this security notice for Eclipse Jetty. The document will be updated as further updates are announced. You can trace the changes made in the version history below.

July 7, 2022 – First version
August 2, 2022 – New updates from Debian added
August 21, 2022 – New updates from Debian added
October 3, 2022 – New updates from IBM added
October 16, 2022 – New updates from IBM added
October 25, 2022 – New updates from IBM added
November 28, 2022 – New updates from Red Hat added
January 1, 2023 – New updates from IBM added
January 17, 2023 – New updates from Red Hat added
March 2, 2023 – New updates from IBM added
March 22, 2023 – New updates from IBM added
March 23, 2023 – New updates from IBM added
May 22, 2023 – New updates from Hitachi added
July 26, 2023 – New updates from IBM added
November 27, 2023 – New updates from IBM added
May 16, 2024 – New updates from IBM added


+++ Editorial note: This document is based on current BSI data and will be updated as the status of the alert changes. We welcome suggestions and comments at [email protected]. +++


kns/roj/news.de
