Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM536BC382435371B05D64C7F0F5209386AAFC34FBFE7D1B2F024CE176E4C9A5F9
HistoryFeb 16, 2024 - 6:45 p.m.

Security Bulletin: IBM Workload Automation affected by multiple vulnerabilities in RHEL (CVE-2023-32681, CVE-2022-48468)

2024-02-1618:45:10
www.ibm.com
8
ibm workload automation
rhel
python-requests
protobuf-c
apar ij50049
fix central

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N

7.7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

51.8%

JSON

Summary

IBM Workload Automation (container solution) is affectedby multiple vulnerabilities found in RHEL.

Vulnerability Details

CVEID:CVE-2023-32681
**DESCRIPTION:**python-requests could allow a remote attacker to obtain sensitive information, caused by the leaking of Proxy-Authorization headers to destination servers during redirects to an HTTPS origin. By persuading a victim to click on a specially crafted URL, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/256114 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N)

CVEID:CVE-2022-48468
**DESCRIPTION:**protobuf-c is vulnerable to a denial of service, caused by an integer overflow in pref_len. By sending a specially crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253266 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Workload Scheduler 10.1
IBM Workload Scheduler 10.2

Remediation/Fixes

APAR IJ50049 has been opened to address the vulnerabilities in RHEL affecting IBM Workload Automation (container solution).
APAR IJ50049 is included in IBM Workload Automation 10.2.1 and IBM Workload Automation 10.1 FP4, available on Fix Central.

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmworkload_schedulerMatch10.1
OR
ibmworkload_schedulerMatch9.5

Related

cbl_mariner 3
openvas 48
nessus 74
cvelist 2
veracode 2
osv 7
cve 2
ubuntucve 2
redos 2
fedora 6
redhat 7
nvd 1
almalinux 4
redhatcve 2
amazon 3
prion 2
oraclelinux 5
rosalinux 2
alpinelinux 1
ibm 16
debiancve 2
ubuntu 1
rocky 1
cgr 1
githubexploit 1
mageia 1
gentoo 1
cbl_mariner
cbl_mariner
CVE-2022-48468 affecting package protobuf-c for versions less than 1.4.1-1
2023-05-03 16:09:09
CVE-2022-48468 affecting package protobuf-c 1.3.2-1
2023-05-03 19:35:26
CVE-2023-32681 affecting package python-requests for versions less than 2.27.1-6
2023-06-27 20:56:13
openvas
openvas
Fedora: Security Advisory for libsignal-protocol-c (FEDORA-2023-6cfe134db6)
2023-04-30 00:00:00
Huawei EulerOS: Security Advisory for protobuf-c (EulerOS-SA-2023-2516)
2023-08-01 00:00:00
Huawei EulerOS: Security Advisory for protobuf-c (EulerOS-SA-2023-2338)
2023-07-10 00:00:00
nessus
nessus
EulerOS 2.0 SP10 : protobuf-c (EulerOS-SA-2023-2365)
2023-07-18 00:00:00
EulerOS 2.0 SP11 : protobuf-c (EulerOS-SA-2023-2704)
2024-01-16 00:00:00
EulerOS Virtualization 2.9.1 : protobuf-c (EulerOS-SA-2023-2516)
2023-07-31 00:00:00
cvelist
cvelist
CVE-2022-48468
2023-04-13 00:00:00
CVE-2023-32681 Unintended leak of Proxy-Authorization header in requests
2023-05-26 17:02:52
veracode
veracode
Integer Overflow
2023-04-19 07:47:02
Unintended Leaks Of Proxy-Authorization Header
2023-05-24 02:21:58
osv
osv
Moderate: protobuf-c security update
2023-11-14 00:00:00
Moderate: protobuf-c security update
2023-11-07 00:00:00
CVE-2022-48468
2023-04-13 21:15:07
cve
cve
CVE-2022-48468
2023-04-13 21:15:07
CVE-2023-32681
2023-05-26 18:15:14
ubuntucve
ubuntucve
CVE-2022-48468
2023-04-13 00:00:00
CVE-2023-32681
2023-05-26 00:00:00
redos
redos
ROS-20230619-06
2023-06-19 00:00:00
ROS-20240408-11
2024-04-08 00:00:00
fedora
fedora
[SECURITY] Fedora 38 Update: libsignal-protocol-c-2.3.3-9.fc38
2023-04-29 02:53:16
[SECURITY] Fedora 37 Update: libsignal-protocol-c-2.3.3-8.fc37
2023-04-29 04:42:22
[SECURITY] Fedora 36 Update: libsignal-protocol-c-2.3.3-7.fc36
2023-04-29 05:12:26
redhat
redhat
(RHSA-2023:6944) Moderate: protobuf-c security update
2023-11-14 08:41:02
(RHSA-2023:6621) Moderate: protobuf-c security update
2023-11-07 06:10:25
(RHSA-2024:0406) Moderate: protobuf-c security update
2024-01-24 14:40:18
nvd
nvd
CVE-2022-48468
2023-04-13 21:15:07
almalinux
almalinux
Moderate: protobuf-c security update
2023-11-14 00:00:00
Moderate: protobuf-c security update
2023-11-07 00:00:00
Moderate: python27:2.7 security and bug fix update
2023-11-14 00:00:00
redhatcve
redhatcve
CVE-2022-48468
2023-04-14 06:00:36
CVE-2023-32681
2023-05-24 03:40:09
amazon
amazon
Medium: protobuf-c
2023-07-17 17:40:00
Medium: python3-requests
2023-07-05 22:01:00
Medium: python-requests
2023-07-05 22:01:00
prion
prion
Integer overflow
2023-04-13 21:15:00
Design/Logic Flaw
2023-05-26 18:15:00
oraclelinux
oraclelinux
protobuf-c security update
2023-11-17 00:00:00
protobuf-c security update
2023-11-11 00:00:00
python27:2.7 security and bug fix update
2023-11-18 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2024-2374
2024-03-19 12:32:38
Advisory ROSA-SA-2024-2397
2024-04-11 07:53:20
alpinelinux
alpinelinux
CVE-2022-48468
2023-04-13 21:15:00
ibm
ibm
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to protobuf-c Integer Overflow or Wraparound vulnerabilitiy [ CVE-2022-48468]
2024-02-05 20:00:21
Security Bulletin: Vulnerability in python-requests affects IBM Process Mining . CVE-2023-32681
2023-10-09 10:33:52
Security Bulletin: IBM Cinder plug-in is affected by a vulnerability in the Python requests-2.28.2-py3-none-any.whl [CVE-2023-32681]
2023-12-04 12:03:03
debiancve
debiancve
CVE-2022-48468
2023-04-13 21:15:07
CVE-2023-32681
2023-05-26 18:15:14
ubuntu
ubuntu
Requests vulnerability
2023-06-15 00:00:00
rocky
rocky
python-requests security update
2023-08-28 18:40:41
cgr
cgr
CVE-2023-32681 vulnerabilities
2024-05-19 03:07:16
githubexploit
githubexploit
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Python Requests
2023-07-22 05:24:58
mageia
mageia
Updated python-requests packages fix security vulnerability
2023-06-28 08:21:41
gentoo
gentoo
Requests: Information Leak
2023-09-17 00:00:00

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N

7.7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

51.8%

JSON
Related for 536BC382435371B05D64C7F0F5209386AAFC34FBFE7D1B2F024CE176E4C9A5F9
cbl_mariner3openvas48nessus74cvelist2veracode2osv7cve2ubuntucve2redos2fedora6redhat7nvd1almalinux4redhatcve2amazon3prion2oraclelinux5rosalinux2alpinelinux1ibm16debiancve2ubuntu1rocky1cgr1githubexploit1mageia1gentoo1