PT-2024-12693

Published 2024-05-10 · Updated 2025-08-14 · CVE-2023-38264

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
IBM SDK, Java Technology Edition versions 7.1.0.0 through 7.1.5.21
IBM SDK, Java Technology Edition versions 8.0.0.0 through 8.0.8.21
Description
Under certain circumstances, the Object Request Broker (ORB) does not properly enforce the JEP 290 MaxRef and MaxDepth deserialization filters, which allows a denial of service.
Recommendations
For versions 7.1.0.0 through 7.1.5.21 and versions 8.0.0.0 through 8.0.8.21, update to a version that properly enforces the JEP 290 MaxRef and MaxDepth deserialization filters to prevent denial of service attacks. As a temporary workaround, consider restricting the use of the Object Request Broker (ORB) until a patch is available.

Fix

DoS

Weakness Enumeration

Deserialization of Untrusted Data

Related Identifiers

CESA-2024_3685
CVE-2023-38264
OPENSUSE-SU-2024_1859-1
RHSA-2024:3685
RHSA-2024:4160
RHSA-2024_3685
RHSA-2024_4160
SUSE-SU-2024:1845-1
SUSE-SU-2024:1859-1
SUSE-SU-2024_1845-1
SUSE-SU-2024_1859-1

Affected Products

Centos
Ibm Aix
Ibm Sdk
Red Hat
Suse