CVSS3 Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | HIGH |
Availability Impact | NONE |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |

EPSS Percentile: 52.1%
A publicly disclosed vulnerability in Python affects IBM Tivoli Application Dependency Discovery Manager (CVE-2023-24329)
CVEID: CVE-2023-24329
**DESCRIPTION:** Python could allow a remote attacker to bypass security restrictions, caused by a flaw in the urllib.parse component. By sending a specially crafted request using a URL that starts with blank characters, an attacker could exploit this vulnerability to bypass blocklisting methods.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/247730 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
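One way to keep a blocklist check from depending on how the runtime's `urllib.parse` treats leading blanks, shown as an added example (not IBM's or the Python project's code). The function names, the host set and the scheme set are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed policy values, for illustration only.
BLOCKED_HOSTS = {"internal.example"}
ALLOWED_SCHEMES = {"http", "https"}

# C0 control characters (0x00-0x1F) plus space: the "blank characters" in the advisory.
C0_OR_SPACE = "".join(chr(c) for c in range(0x21))


def naive_is_blocked(url: str) -> bool:
    """Weak pattern: trusts the parser. On a runtime affected by CVE-2023-24329,
    a leading blank leaves scheme and host empty, so nothing matches the list."""
    return urlsplit(url).hostname in BLOCKED_HOSTS


def check_url(url: str) -> str:
    """Hardened check (hypothetical helper). Returns 'allow' or 'deny: <reason>'."""
    # 1. Refuse leading/trailing blanks rather than rely on the parser version.
    if url != url.strip(C0_OR_SPACE):
        return "deny: leading or trailing blank/control character"
    # 2. Refuse embedded tab/CR/LF, which urlsplit would silently drop.
    if any(ch in url for ch in "\t\r\n"):
        return "deny: embedded tab or newline"
    try:
        parts = urlsplit(url)
    except ValueError:  # e.g. malformed IPv6 literal
        return "deny: unparseable URL"
    # 3. Fail closed: an empty or unexpected scheme/host never reaches "allow".
    if parts.scheme not in ALLOWED_SCHEMES:
        return "deny: scheme not allowed"
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return "deny: no host"
    # 4. Apply the blocklist to the normalised (lower-cased, dot-stripped) host.
    if host in BLOCKED_HOSTS:
        return "deny: host is blocklisted"
    return "allow"
```

Because `check_url` rejects the input before parsing, its verdict is the same on patched and unpatched interpreters; applying the fix is still required.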
Affected Product(s) | Version(s) |
---|---|
IBM Tivoli Application Dependency Discovery Manager | 7.3.0.3 - 7.3.0.10 |
IBM strongly recommends addressing the vulnerability using the efix below published on FixCentral.
Fix | VRMF | APAR | How to acquire fix |
---|---|---|---|
efix_jython_CVE-2023-24329_FP10221123.zip | 7.3.0.3 - 7.3.0.10 | NONE | Download eFix |
none
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | tivoli_application_dependency_discovery_manager | 7.3.0. | cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.3.0.:*:*:*:*:*:*:* |