Lucene search

IBMEA0219705578C725D8CF98742CAAEB77FFD9E95982C91847FEE6023D1CF2C969

HistoryFeb 28, 2024 - 4:17 p.m.

Security Bulletin: IBM Spectrum Symphony with urllib3 could allow a remote authenticated attacker to obtain sensitive information

2024-02-2816:17:55

www.ibm.com

ibm spectrum symphony

urllib3

remote attacker

info leak

cve-2023-45803

security patch

4.2 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

6.3 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

10.0%

JSON

Summary

IBM Spectrum Symphony with urllib3 could allow a remote authenticated attacker to obtain sensitive information

Vulnerability Details

CVEID:CVE-2023-45803
**DESCRIPTION:**urllib3 could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw with not remove the HTTP request body when an HTTP redirect response using status 303. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 4.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/269079 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Spectrum Symphony	IBM Spectrum Symphony 7.3.2

Remediation/Fixes

IBM strongly suggests the following remediation or fix:

Upgrade to the latest versions of IBM Spectrum Symphony FP2 + security patch(IBM Spectrum Symphony 7.3.2 with Fix 601860).

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmspectrum_symphonyMatch7.3.2

CPENameOperatorVersion
ibm spectrum symphonyeq7.3.2

CPE	Name	Operator	Version
	ibm spectrum symphony	eq	7.3.2

4.2 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

6.3 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

10.0%

JSON

Related for EA0219705578C725D8CF98742CAAEB77FFD9E95982C91847FEE6023D1CF2C969