Platform
other
Component
jazz-reporting-service
Fixed in
7.1.1
7.0.4
CVE-2025-1823 is a denial-of-service (DoS) vulnerability in IBM Jazz Reporting Service. An authenticated user on the host network can exploit it by submitting specially crafted SQL queries that consume excessive memory, making the service unavailable. Affected releases are 7.0.3 through 7.1 iFix006; fixes ship in 7.1.1 and, for the 7.0.x stream, 7.0.4 (see the Fixed in field above).
Successful exploitation lets an authenticated user take down the reporting service: the crafted queries exhaust memory, causing instability and outages that disrupt reporting for everyone relying on the service for data analysis. The CVSS score is LOW, but a DoS can still matter where reporting feeds operational decisions. Because the flaw requires authenticated access, the attack surface is limited to users who already hold accounts, yet any such user who can submit report SQL is enough to trigger it; no elevated privilege is described.
CVE-2025-1823 was publicly disclosed on 2026-02-04. There are currently no publicly available proof-of-concept exploits. The vulnerability is not listed on the CISA KEV catalog. Given the LOW CVSS score and lack of public exploits, the probability of active exploitation is considered low.
Organizations running IBM Jazz Reporting Service 7.0.3 through 7.1 iFix006 are at risk, particularly where internal users hold authenticated access and can author or run SQL queries against the reporting service. Shared instances serving many users or teams are more exposed, since a single account is enough to affect everyone on that instance.
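The first thing a practitioner wants here is a reliable answer to "is my installed version in the affected range?", which is awkward to do by eye because IBM version strings mix a dotted release with an iFix suffix (7.1 iFix006 is older than 7.1.1, and 7.0.3 iFix020 is older than 7.0.4). The checker below is an added example written for this page, not IBM's code or tooling. Its range boundaries are assumptions taken from this page's own text (7.0.3 up to 7.0.3 iFix020 and 7.1 up to 7.1 iFix006, fixed in 7.0.4 and 7.1.1 respectively); confirm them against the IBM bulletin before relying on the result.

```python
import re
from typing import Optional, Tuple

# Per-stream affected ranges (inclusive) and the release that fixes each stream.
# ASSUMPTION: boundaries are taken from this page's text, not verified against
# the IBM bulletin; adjust them if the bulletin lists different iFix levels.
STREAMS = (
    # (affected_min, affected_max, fixed_in)
    ("7.0.3", "7.0.3 iFix020", "7.0.4"),
    ("7.1", "7.1 iFix006", "7.1.1"),
)

# Matches "7.1", "7.1.1", "7.1 iFix006", "7.1iFix006", "7.0.3 iFix020" (case-insensitive).
_VERSION_RE = re.compile(
    r"^\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?\s*(?:ifix\s*(\d+))?\s*$", re.IGNORECASE
)

Version = Tuple[int, int, int, int]


def parse_version(text: str) -> Version:
    """Parse 'major[.minor[.patch]][ iFixNNN]' into a comparable tuple.

    A missing patch or iFix counts as 0, so '7.1' == '7.1.0' and
    '7.1 iFix006' sorts after '7.1' but before '7.1.1' (tuple comparison).
    """
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised IBM version string: {text!r}")
    major, minor, patch, ifix = (int(g) if g else 0 for g in m.groups())
    return (major, minor, patch, ifix)


def fix_for(version: str) -> Optional[str]:
    """Return the fixed release for the stream the version falls in, or None
    when the version is outside every affected range (already fixed, or a
    release this page does not cover)."""
    v = parse_version(version)
    for lo, hi, fixed in STREAMS:
        if parse_version(lo) <= v <= parse_version(hi):
            return fixed
    return None


def is_affected(version: str) -> bool:
    return fix_for(version) is not None


def check(version: str) -> dict:
    """Small triage record suitable for feeding into an inventory report."""
    fixed = fix_for(version)
    return {"version": version, "affected": fixed is not None, "fixed_in": fixed}


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for v in ("7.0.3", "7.0.3 iFix020", "7.0.4", "7.1iFix006", "7.1.1"):
        print(check(v))
```

Run it against the version strings from your own inventory; a version that parses but lands outside both ranges (for example a 7.0.3 iFix above 020) returns "not affected", which is only as trustworthy as the boundaries you set in STREAMS.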
Disclosure
Exploit status
EPSS
0.01% (2nd percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-1823 is to upgrade IBM Jazz Reporting Service to a fixed release (7.1.1, or 7.0.4 on the 7.0.x stream). If an immediate upgrade is not feasible, reduce exposure in the meantime: limit which accounts can author or run custom SQL in reports to trusted users, and monitor memory usage on the host so a runaway query is noticed before the service falls over. Bounding the service's JVM heap keeps a single bad query from exhausting host memory, although the reporting service itself can still be taken down. Input validation on the SQL is not something an operator can bolt on from outside; that is what the vendor fix addresses. After upgrading, verify by confirming the installed version reports the fixed release or iFix level from the IBM bulletin; do not try to reproduce the crash against a production instance, since no public proof of concept exists and a successful attempt is itself an outage.
Update IBM Jazz Reporting Service to a release later than 7.1 iFix006 or 7.0.3 iFix020 (the Fixed in field above lists 7.1.1 and 7.0.4). This corrects the denial of service caused by malicious SQL queries that consume excessive memory. See the IBM reference link for detailed update instructions.
CVE-2025-1823 is a denial-of-service vulnerability in IBM Jazz Reporting Service that lets authenticated users exhaust memory with crafted SQL queries.
You are affected if you run IBM Jazz Reporting Service 7.0.3 through 7.1 iFix006. Upgrade to 7.1.1 (or 7.0.4 on the 7.0.x stream) to remediate.
Upgrade IBM Jazz Reporting Service to a fixed release. As a temporary workaround, restrict which users can author or run report SQL and monitor the host's memory.
There are currently no publicly known exploits for CVE-2025-1823, but any authenticated user can trigger it, so treat shared instances with care.
Refer to the official IBM Security Bulletin for details: [https://www.ibm.com/support/kbdoc/firstdoc?docid=instance/common/sb129826](https://www.ibm.com/support/kbdoc/firstdoc?docid=instance/common/sb129826)