7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9.5 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
56.4%
IBM Workload Automation is potentially affected by multiple vulnerabilities in OpenSSL that could cause Denial of Service (CVE-2023-4807, CVE-2023-3817)
CVEID:CVE-2023-4807
**DESCRIPTION:**OpenSSL is vulnerable to a denial of service, caused by a state corruption flaw in the POLY1305 MAC (message authentication code) implementation, when running on newer X86_64 processors supporting the AVX512-IFMA instructions. A local authenticated attacker could exploit this vulnerability to cause an incorrect result of some application dependent calculations or a crash or in some cases gain complete control of the application process.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/265578 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVEID:CVE-2023-3817
**DESCRIPTION:**OpenSSL is vulnerable to a denial of service, caused by a flaw when using the DH_check(), DH_check_ex() or EVP_PKEY_param_check() functions to check a DH key or DH parameters. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause long delays, and results in a denial of service condition.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/262046 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
Affected Product(s) | Version(s) |
---|---|
IBM Workload Scheduler | 9.5 to 9.5.0.6 Security 2023.03 |
IBM Workload Scheduler | 10.1 to 10.1.0.3 |
IBM Workload Scheduler | 10.2 |
IBM strongly recommends addressing the vulnerability now by upgrading IBM Workload Automation.
APAR IJ50711 has been opened to address the OpenSSL vulnerability for IBM Workload Automation.
APAR IJ50711 has been included in 9.5.0.7, 10.1.0.4 and 10.2.1 versions, available on Fix Central.
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm workload scheduler | eq | 9.5 | |
ibm workload scheduler | eq | 10.1 | |
ibm workload scheduler | eq | 10.2 |
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9.5 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
56.4%