7.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
0.003 Low
EPSS
Percentile
65.5%
OpenSSL used by IBM Events Operator as part of the Operating System (CVE-2023-0286).
CVEID:CVE-2023-0286
**DESCRIPTION:**OpenSSL is vulnerable to a denial of service, caused by a type confusion error related to X.400 address processing inside an X.509 GeneralName. By passing arbitrary pointers to a memcmp call, a remote attacker could exploit this vulnerability to read memory contents or cause a denial of service.
CVSS Base score: 8.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/246611 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM Events Operator | 3.7.0 - 4.7.0 |
IBM strongly recommends addressing the vulnerability now by upgrading
Upgrade to IBM Events Operator 4.8.0.
This gets included into IBM Common Services and is included in 3.19.x, 3.23.x and 4.x channels. Follow the upgrading and migrating to upgrade to a newer version of IBM Common Services.
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm events operator | ge | 3.7.0 | |
ibm events operator | le | 4.7.0 |
7.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
0.003 Low
EPSS
Percentile
65.5%