Stack overflow via TIS_CODESET environment variable in IBM Workload Scheduler chkhltst program on Linux, Unix.
CVEID: CVE-2021-20349
**DESCRIPTION:** IBM Tivoli Workload Scheduler is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and gain lower level privileges.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/194599 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Affected Product(s) | Version(s) |
---|---|
IBM Workload Scheduler | 9.5 |
IBM Workload Scheduler | 9.4 |
APAR IJ30794 has been opened to address CVE-2021-20349.
APAR IJ30794 is included in IBM Workload Scheduler 9.5.0.4. For the 9.4 release, it is already available on Fix Central as 940-TIV-TWS-FP7-IJ30794, to be applied on top of 9.4.0.7.