7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
47.0%
IBM Workload Scheduler is potentially affected by a vulnerability in OpenSSL that could cause a system crash
CVEID:CVE-2022-4450
**DESCRIPTION:**OpenSSL is vulnerable to a denial of service, caused by a double-free error related to the improper handling of specific PEM data by the PEM_read_bio_ex() function. By sending specially crafted PEM files for parsing, a remote attacker could exploit this vulnerability to cause the system to crash.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/246615 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM Workload Scheduler | 9.5 |
IBM Workload Scheduler | 9.4 |
IBM Workload Scheduler | 10.1 |
APAR IJ47125 has been opened to address the OpenSSL vulnerability for IBM Workload Scheduler.
APAR IJ47125 has been included in 9.5.0.6 Security 2023.03 and 10.1.0.3 versions. Customers using IBM Workload Scheduler 9.4 should open a support ticket requesting a fix to apply on top of 9.4.0.7 version.
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm workload scheduler | eq | 9.4 | |
ibm workload scheduler | eq | 9.5 |
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
47.0%