7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.008 Low
EPSS
Percentile
81.5%
CVEID: CVE-2022-45061 An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16. IBM Spectrum Protect Plus and its agent for IBM Db2 and MonfoDB will use Python 3.9.16 or one of the other version with the fix.
Refer to the security bulletin(s) listed in the Remediation/Fixes section
Affected Product(s) | Version(s) |
---|---|
IBM Spectrum Protect Plus MongoDB Agent | 10.1 |
IBM Spectrum Protect Plus Db2 Agent | 10.1 |
IBM Spectrum Protect Plus MongoDB Agent | 10.1 |
Upgrade to IBM Spectrum Protect Plus 10.1.14
IBM Spectrum Protect Plus Db2 Agent Affected Versions | Fixing Level | Platform | Link to Fix and Instructions |
---|---|---|---|
10.1.0 - 10.1.13 | 10.1.14 | Linux | <https://www.ibm.com/support/pages/node/6942717> |
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm spectrum protect plus | eq | 10.1 |
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.008 Low
EPSS
Percentile
81.5%