CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
66.0%
The Java library quartz/quartz-jobs is used by IBM Storage Fusion HCI for backup scheduling. A vulnerability in this library includes code injection that could lead to execution of arbitrary code as described in the CVE listed in the ‘Vulnerabilities Details’ section. This bulletin identifies the steps to take to address the vulnerability.
CVEID:CVE-2023-39017
**DESCRIPTION:**Quartz Job Scheduler could allow a remote attacker to execute arbitrary code on the system, caused by improper neutralization of user supplied-input by the org.quartz.jobs.ee.jms.SendQueueMessageJob.execute component. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/262034 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM Storage Fusion HCI | 2.5.2 - 2.6.1 |
IBM strongly recommends addressing the vulnerability now.
Product(s) | **Version(s) number and/or range ** | Remediation/Fix/Instructions |
---|---|---|
IBM Storage Fusion HCI | 2.5.2 - 2.6.1 |
None
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
66.0%