Platform
other
Component
jazz-reporting-service
Fixed in
7.1.1
7.0.4
CVE-2025-1823 describes a Denial of Service (DoS) vulnerability affecting IBM Jazz Reporting Service. An authenticated user on the host network can exploit this flaw by sending specially crafted SQL queries that consume excessive memory resources, potentially causing the service to become unavailable. This vulnerability affects versions 7.0.3 through 7.1 iFix006, and a fix is available in version 7.1.1.
The primary impact of CVE-2025-1823 is a denial of service. An attacker can craft malicious SQL queries that consume significant memory within the Jazz Reporting Service, leaving the service unresponsive and preventing users from generating reports or accessing critical data. While the CVSS score is LOW, the disruption caused by a DoS attack can still be significant, especially in environments where the Jazz Reporting Service is crucial for business operations. The vulnerability requires authentication, which limits the immediate attack surface, but the potential for exploitation by internal users remains a concern.
CVE-2025-1823 was publicly disclosed on 2026-02-04. There is no indication of active exploitation or KEV listing at the time of writing. Public proof-of-concept (POC) code is not currently available. The LOW CVSS score suggests a relatively low probability of exploitation, but the potential for disruption warrants prompt remediation.
Organizations running IBM Jazz Reporting Service versions 7.0.3 through 7.1 iFix006 are at risk, particularly those with internal users who have authenticated access to the reporting service and the ability to execute SQL queries. Shared hosting environments in which multiple users share the same Jazz Reporting Service instance are also potentially vulnerable.
Disclosure
Exploit status
EPSS
0.01% (2nd percentile)
CISA SSVC
CVSS vector
The recommended mitigation for CVE-2025-1823 is to upgrade to IBM Jazz Reporting Service version 7.1.1 or later, which contains the fix. If an immediate upgrade is not feasible, consider implementing temporary workarounds such as restricting access to the reporting service to trusted users and monitoring memory usage closely. While a direct WAF rule is unlikely to be effective against crafted SQL, limiting query complexity and input validation can reduce the risk. After upgrading, confirm the fix by attempting to execute the malicious SQL query and verifying that it no longer causes excessive memory consumption.
Update IBM Jazz Reporting Service to a version later than 7.1 iFix006 or 7.0.3 iFix020. This resolves the denial-of-service vulnerability caused by malicious (SQL) queries that consume excessive memory resources. See the IBM reference link for further information on updating.
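To triage an inventory of Jazz Reporting Service instances against the version ranges stated above, the following added example (not IBM's code and not part of the original advisory) parses IBM-style version strings such as `7.1iFix006` or `7.0.3 iFix020` and flags the affected ones. It assumes the reading that 7.0.3 is fixed from iFix020 onward and 7.1 from iFix007 onward, with 7.0.4 and 7.1.1 being the fixed releases; versions outside those two lines are not flagged.

```python
import re
from typing import Iterable, List, Optional, Tuple

# Affected ranges as stated on this page. Assumption: "later than 7.1 iFix006
# or 7.0.3 iFix020" means each line is fixed from the next iFix on, and the
# fixed releases 7.0.4 / 7.1.1 are clean. Key: base version, value: highest
# affected iFix level for that base.
AFFECTED_MAX_IFIX = {
    (7, 0, 3): 19,   # 7.0.3 base release through 7.0.3 iFix019
    (7, 1, 0): 6,    # 7.1 base release through 7.1 iFix006
}

# Accepts "7.1", "7.1.1", "7.1iFix006", "7.1 iFix006", "7.0.3 iFix020".
_VERSION_RE = re.compile(
    r"^\s*(\d+)\.(\d+)(?:\.(\d+))?\s*(?:iFix\s*(\d+))?\s*$", re.IGNORECASE
)

def parse_version(text: str) -> Optional[Tuple[Tuple[int, int, int], int]]:
    """Return ((major, minor, patch), ifix) or None if the string is not a
    recognisable IBM version string. A missing patch or iFix counts as 0."""
    m = _VERSION_RE.match(text)
    if not m:
        return None
    major, minor, patch, ifix = m.groups()
    return (int(major), int(minor), int(patch or 0)), int(ifix or 0)

def is_affected(text: str) -> Optional[bool]:
    """True if the version is in an affected range, False if it is not,
    None if the string cannot be parsed (treat None as 'check manually')."""
    parsed = parse_version(text)
    if parsed is None:
        return None
    base, ifix = parsed
    max_ifix = AFFECTED_MAX_IFIX.get(base)
    return max_ifix is not None and ifix <= max_ifix

def triage(versions: Iterable[str]) -> List[str]:
    """Return the inventory entries that still need the upgrade."""
    return [v for v in versions if is_affected(v)]

if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    inventory = ["7.1.1", "7.1 iFix003", "7.0.3", "7.0.3 iFix020", "7.1iFix006"]
    for v in inventory:
        print(f"{v:16} affected={is_affected(v)}")
```

Entries that return `None` (unparseable strings) should be checked by hand rather than silently treated as safe.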
CVE-2025-1823 is a denial-of-service vulnerability in IBM Jazz Reporting Service allowing authenticated users to exhaust memory resources with crafted SQL queries.
You are affected if you are using IBM Jazz Reporting Service versions 7.0.3 through 7.1 iFix006. Upgrade to 7.1.1 or later to mitigate the risk.
Upgrade IBM Jazz Reporting Service to version 7.1.1 or later. As a temporary workaround, restrict access and validate SQL inputs.
Currently, there are no publicly known active exploits for CVE-2025-1823, but vigilance is still advised.
Refer to the official IBM Security Bulletin for details: [https://www.ibm.com/support/kbdoc/firstdoc?docid=instance/common/sb129826](https://www.ibm.com/support/kbdoc/firstdoc?docid=instance/common/sb129826)