5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
7.2 High
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
56.6%
Libcurl is used by IBM Safer Payments as part of the AVRO support for Kafka. These vulnerabilities have been addressed.
CVEID:CVE-2023-32001
**DESCRIPTION:**cURL libcurl could allow a remote authenticated attacker to bypass security restrictions, caused by a race condition in the fopen() function when saving cookie, HSTS and/or alt-svc data to files. By persuading a victim to open a specially crafted content, an attacker could exploit this vulnerability to create or overwrite protected files.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/261025 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)
CVEID:CVE-2023-28321
**DESCRIPTION:**cURL libcurl could allow a remote attacker to bypass security restrictions, caused by a flaw when listed as “Subject Alternative Name” in TLS server certificates. By sending a specially crafted request, an attacker could exploit this vulnerability to accept mismatch wildcard patterns.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/255625 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVEID:CVE-2023-28322
**DESCRIPTION:**cURL libcurl could allow a remote attacker to bypass security restrictions, caused by a flaw in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST… By sending a specially crafted request, an attacker could exploit this vulnerability to cause application to misbehave and either send off the wrong data or use memory after free or similar in the second transfer.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/255626 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Safer Payments | 6.4.0.00 - 6.4.2.04, 6.5.0.00 - 6.5.0.02, 6.6.0.00 |
Update IBM Safer Payments to version 6.4.2.05, 6.5.0.03, 6.6.0.01, or higher.
Refer to the IBM Safer Payments documentation to download the updates.
Disable the Kafka Interface on all instances in the cluster.
CPE | Name | Operator | Version |
---|---|---|---|
ibm safer payments | eq | 6.4 | |
ibm safer payments | eq | 6.5 | |
ibm safer payments | eq | 6.6 |
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
7.2 High
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
56.6%