History: Jan 24, 2023 - 10:51 a.m.

Security Bulletin: IBM Security SOAR is using a component with known vulnerabilities (CVE-2020-10735)

2023-01-24 10:51:23
www.ibm.com
ibm security soar
python vulnerability
update
cve-2020-10735
denial of service

CVSS3: 7.5 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.006 Low
Percentile: 77.9%

Summary

IBM Security SOAR uses an older version of Python that may be identified and exploited. An update has been released which addresses these issues. Upgrading to Version 47.2 or later of IBM Security SOAR is recommended.

Vulnerability Details

CVEID: CVE-2020-10735
DESCRIPTION: Python is vulnerable to a denial of service, caused by the failure to limit the number of digits when converting text to int by the int() type in PyLong_FromString(). A remote attacker could exploit this vulnerability to consume all available resources.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/235840 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
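
The following Python example is added here for illustration and is not part of IBM's bulletin or the SOAR code base. It checks whether the running interpreter enforces the integer string conversion limit introduced by the fix for CVE-2020-10735, and shows a bounded parser for untrusted decimal text; the names MAX_DIGITS, interpreter_limit, is_mitigated and safe_int are hypothetical.

```python
import sys

# Assumed application-level cap for this example. CPython's own default
# limit, on interpreters that carry the fix, is 4300 digits.
MAX_DIGITS = 4300


def interpreter_limit():
    """Return the interpreter's int<->str digit limit, or None when the
    runtime predates the fix and exposes no limit API at all."""
    getter = getattr(sys, "get_int_max_str_digits", None)
    return getter() if getter is not None else None


def is_mitigated():
    """True only if the limit API exists and has not been switched off
    (a value of 0 disables the limit)."""
    limit = interpreter_limit()
    return limit is not None and limit > 0


def safe_int(text, max_digits=MAX_DIGITS):
    """Parse untrusted decimal text, rejecting oversized input before
    int() runs, so the conversion cost is bounded even on an
    interpreter without the fix."""
    if not isinstance(text, str):
        raise TypeError("expected str")
    stripped = text.strip()
    # Drop one optional sign so it does not count against the digit cap.
    body = stripped[1:] if stripped[:1] in ("+", "-") else stripped
    if len(body) > max_digits:
        raise ValueError(f"integer literal longer than {max_digits} digits")
    return int(stripped, 10)


if __name__ == "__main__":
    print("interpreter digit limit:", interpreter_limit())
    print("limit enforced:", is_mitigated())
    print("parsed:", safe_int(" -1234 "))
```

A length check of this kind bounds the work done per value in application code; it does not change the affected product versions listed below.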

Affected Products and Versions

Affected Product(s): IBM Security SOAR
Version(s): 47.1 and earlier.

Remediation/Fixes

IBM encourages customers to promptly update their systems.

Users must upgrade to v47.2 or higher of IBM SOAR in order to obtain a fix for this vulnerability.

You can upgrade the platform and apply the security updates by following the instructions in the “Upgrade Procedure” section in the IBM Documentation.

Workarounds and Mitigations

None

Affected configurations

Vulners
Node: ibm ibm®_security_soar, Range: 47.1
CPE entry: Name: ibm security soar, Operator: le, Version: 47.1
