IBMA2B4AE0CAA153F717FC9D290DE4B7A563C9B926DE7D7C6B738B1746EC64BEBCBSecurity Bulletin: Resilient is vulnerable to using Python component with known vulnerabilities in RHEL 7
EPSS
Percentile
75.9%
Summary
Resilient is vulnerable to using Python component with known vulnerabilities in RHEL 7. This CVE is fixed in RHEL7 as part of Errata RHSA-2019:1587 (https://access.redhat.com/errata/RHSA-2019:1587). This update is included in Resilient 33.0.5087 released on June28, 2019, and subsequent versions. It can be installed by following the instructions in https://www.ibm.com/support/knowledgecenter/SSBRUQ_33.0.0/com.ibm.resilient.doc/install/resilient_install_updates_sw.htm (The relevant package included in the update is python-2.7.5-80.el7_6.x86_64.rpm )
Vulnerability Details
CVEID:CVE-2019-10160
**DESCRIPTION:**Python urllib.parse.urlsplit and urllib.parse.urlparse components could allow a remote attacker to obtain sensitive information, caused by improper unicode encoding handling. By using a specially-crafted URL, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/162358 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Resilient | v33.x |
| IBM Resilient | V34.0 |
| IBM Resilient | v34.x |
Remediation/Fixes
This CVE is fixed in RHEL7 as part of Errata RHSA-2019:1587 (<https://access.redhat.com/errata/RHSA-2019>:1587). This update is included in Resilient 33.0.5087 released on June28, 2019, and subsequent versions. It can be installed by following the instructions in <https://www.ibm.com/support/knowledgecenter/SSBRUQ_33.0.0/com.ibm.resilient.doc/install/resilient_install_updates_sw.htm> (The relevant package included in the update is python-2.7.5-80.el7_6.x86_64.rpm )
Workarounds and Mitigations
None
Related
EPSS
Percentile
75.9%