IBMDF291E76D51AB95F73355942C14C575FEF1D6224D4092DFA9E8B26690AF05A09Security Bulletin: Vulnerability in requests-2.27.1.tar.gz affects IBM Integrated Analytics System [CVE-2023-32681]
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
0.002 Low
EPSS
Percentile
51.8%
Summary
The requests-2.27.1.tar.gz package is used by IBM Integrated Analytics System . IBM Integrated Analytics System has addressed the applicable CVE [CVE-2023-32681].
Vulnerability Details
CVEID:CVE-2023-32681
**DESCRIPTION:**python-requests could allow a remote attacker to obtain sensitive information, caused by the leaking of Proxy-Authorization headers to destination servers during redirects to an HTTPS origin. By persuading a victim to click on a specially crafted URL, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/256114 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Integrated Analytics System | 1.0.0-1.0.27.0 |
Remediation/Fixes
IBM strongly recommends addressing the vulnerability now by upgrading to latest version.
| Affected Product(s) | VRMF | Remediation/Fixes |
|---|---|---|
| IBM Integrated Analytics System | 1.0.28.0 | Link to Fix Central |
Workarounds and Mitigations
None
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm integrated analytics system | eq | any |
Related
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
0.002 Low
EPSS
Percentile
51.8%