CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
49.8%
RHEL UBI is used by IBM Storage Ceph as the base operating system. CVE-2023-28322 This bulletin identifies the steps to take to address the vulnerability in RHEL.
CVEID:CVE-2023-28322
**DESCRIPTION:**cURL libcurl could allow a remote attacker to bypass security restrictions, caused by a flaw in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST… By sending a specially crafted request, an attacker could exploit this vulnerability to cause application to misbehave and either send off the wrong data or use memory after free or similar in the second transfer.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/255626 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Storage Ceph | <6.1z2 |
IBM Storage Ceph | 5.3z1-z5 |
IBM strongly recommends addressing the vulnerability now.
Download the latest version of IBM Storage Ceph and upgrade to 6.1z2 by following instructions.
<https://public.dhe.ibm.com/ibmdl/export/pub/storage/ceph/>
<https://www.ibm.com/docs/en/storage-ceph/6?topic=upgrading>
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | storage_ceph | 5.3 | cpe:2.3:a:ibm:storage_ceph:5.3:*:*:*:*:*:*:* |
ibm | storage_ceph | 1 | cpe:2.3:a:ibm:storage_ceph:1:*:*:*:*:*:*:* |
ibm | storage_ceph | 5 | cpe:2.3:a:ibm:storage_ceph:5:*:*:*:*:*:*:* |
ibm | storage_ceph | 6.1 | cpe:2.3:a:ibm:storage_ceph:6.1:*:*:*:*:*:*:* |
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
49.8%