IBMA804F382BB1C9D0031DC0A8AC07F614034F12ABE397E6ED69D3AFBF5D1550BD1Security Bulletin: vulnerability in OpenSSL affects IBM Workload Automation.
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
AI Score
Confidence
High
Summary
IBM Workload Automation is potentially affected by a vulnerability in OpenSSL that can cause denial of service (CVE-2023-6129)
Vulnerability Details
CVEID:CVE-2023-6129
**DESCRIPTION:**OpenSSL is vulnerable to a denial of service, caused by a flaw in the POLY1305 MAC (message authentication code) implementation. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/278934 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Workload Scheduler | 10.2 |
Remediation/Fixes
IBM strongly recommends addressing the vulnerability now by upgrading IBM Workload Automation.
APAR IJ51944 has been opened to address the OpenSSL vulnerability for IBM Workload Automation.
APAR IJ51944 has been included in 10.2.2 version, available on Fix Central.
Workarounds and Mitigations
None
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | workload_scheduler | 10.2 | cpe:2.3:a:ibm:workload_scheduler:10.2:*:*:*:*:*:*:* |
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
AI Score
Confidence
High