Lucene search

IbmCVELIST:CVE-2022-38389

HistoryFeb 02, 2023 - 6:00 p.m.

CVE-2022-38389 IBM Tivoli Workload Scheduler XML external entity injection

2023-02-0218:00:54

CWE-611

ibm

www.cve.org

ibm

tivoli workload scheduler

xml external entity injection

remote attacker

vulnerability

x-force id

information exposure

memory consumption

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

AI Score

8.9

Confidence

High

EPSS

0.002

Percentile

52.6%

JSON

IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 233975.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Tivoli Workload Scheduler",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "9.4, 9.5, 10.1"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/233975

www.ibm.com/support/pages/node/6890695

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

AI Score

8.9

Confidence

High

EPSS

0.002

Percentile

52.6%

JSON

Related for CVELIST:CVE-2022-38389