CVE-2023-52426: Medium severity IBM Cognos Dashboards vulnerability
libexpat is vulnerable to a denial of service, caused by an XML entity expansion flaw when XML_DTD is undefined at compile time. By supplying specially crafted XML input, a local attacker could exploit this vulnerability to cause a denial of service.
Other sources
libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.
— NVD
Frequently Asked Questions
What is the severity of CVE-2023-52426?
CVE-2023-52426 is rated Medium severity; its impact is denial of service through unbounded XML entity expansion.
How do I fix CVE-2023-52426?
To mitigate CVE-2023-52426, compile libexpat with XML_DTD defined and apply any available patches.
Which software is affected by CVE-2023-52426?
CVE-2023-52426 affects libexpat versions up to 2.5.0 and certain versions of IBM Cognos Dashboards on Cloud Pak for Data.
What type of vulnerability is CVE-2023-52426?
CVE-2023-52426 is a denial of service vulnerability caused by an XML entity expansion flaw.
Who can exploit CVE-2023-52426?
A local attacker could exploit CVE-2023-52426 by supplying specially crafted XML input to an affected libexpat parser.
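The following is an added defender-side example, not code from the advisory, from IBM, or from the libexpat project. It checks the two conditions the advisory names (a libexpat version through 2.5.0 and a build with XML_DTD undefined) against the libexpat that CPython's pyexpat module links, and shows the mitigation that works regardless of how the library was built: refusing every entity declaration so that no entity expansion can take place. The "through 2.5.0" bound is taken from the NVD text above; the sample XML inputs are constructed for the example.

```python
"""Checks and a parsing guard for CVE-2023-52426 (added example, not from the advisory)."""
from xml.parsers import expat
import pyexpat  # exposes the version and build features of the linked libexpat

# Upper bound of the affected range: "libexpat through 2.5.0" (NVD text on this page)
LAST_AFFECTED = (2, 5, 0)


def is_affected_version(version_info):
    """True when a libexpat version (major, minor, micro) falls within the advisory's range."""
    return tuple(version_info[:3]) <= LAST_AFFECTED


def dtd_support_compiled_in(features=None):
    """True when the linked libexpat was built with XML_DTD defined.

    pyexpat.features mirrors libexpat's XML_GetFeatureList(): a list of
    (name, value) tuples, one of which is named "XML_DTD" when that macro
    was defined at compile time. A feature list can be passed explicitly
    so the check can be applied to another build's output.
    """
    if features is None:
        features = pyexpat.features
    return any(name == "XML_DTD" for name, _value in features)


def assess_local_build():
    """Summarise whether the libexpat linked into this interpreter matches
    both conditions of the advisory (affected version AND XML_DTD undefined)."""
    version = tuple(pyexpat.version_info)
    dtd_defined = dtd_support_compiled_in()
    return {
        "expat_version": version,
        "xml_dtd_defined": dtd_defined,
        "matches_advisory_conditions": is_affected_version(version) and not dtd_defined,
    }


class EntityDeclarationRejected(ValueError):
    """Raised when the input declares any XML entity."""


def parse_without_entities(data):
    """Parse XML but refuse every entity declaration (internal or external).

    Rejecting declarations up front means no entity can ever be expanded,
    so the parser's behaviour no longer depends on how libexpat was compiled.
    Returns the element names encountered, in document order.
    """
    seen = []
    parser = expat.ParserCreate()

    def reject_entity(entity_name, *_ignored):
        # Any exception raised in a handler aborts parsing and propagates out of Parse()
        raise EntityDeclarationRejected(f"entity declaration {entity_name!r} is not allowed")

    parser.EntityDeclHandler = reject_entity
    parser.StartElementHandler = lambda name, attrs: seen.append(name)
    parser.Parse(data, True)
    return seen


if __name__ == "__main__":
    print(assess_local_build())
    # Constructed inputs: a plain document, and one carrying a single entity declaration
    print(parse_without_entities(b"<report><item/></report>"))
    try:
        parse_without_entities(b'<!DOCTYPE r [<!ENTITY e "v">]><r>&e;</r>')
    except EntityDeclarationRejected as err:
        print("rejected:", err)
```

`assess_local_build()` reports on the interpreter's own libexpat, so run it on the host being assessed; the version and feature checks accept explicit values so the same logic can be applied to build output collected elsewhere. The declaration-rejecting parser is the same approach the defusedxml project takes for its "entities forbidden" mode.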