7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.002 Low
EPSS
Percentile
60.0%
Vulnerabilities in Urllib3 and react-bootstrap-table such as problems on the regular expression cause denial of service, improper validations in parameters and problems related to cross-site scripting, may affect IBM Spectrum Discover.
CVEID:CVE-2021-33503
**DESCRIPTION:**urllib3 is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw due to catastrophic backtracking. By sending a specially-crafted URL request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/203109 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID:CVE-2021-23398
**DESCRIPTION:**Node.js react-bootstrap-table module is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the dataFormat parameter. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/204402 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
Spectrum Discover | 2.0.3 |
Spectrum Discover | 2.0.3.1 |
Spectrum Discover | 2.0.3.2 |
Spectrum Discover | 2.0.3.3 |
Spectrum Discover | 2.0.3.4 |
Spectrum Discover | 2.0.3.5 |
Spectrum Discover | 2.0.4 |
Spectrum Discover | 2.0.4.1 |
Spectrum Discover | 2.0.4.2 |
Installed versions of Spectrum Discover (2.0.3, 2.0.3.1, 2.0.3.2, 2.0.3.3, 2.0.3.4, 2.0.3.5, 2.0.4, 2.0.4.1, 2.0.4.2) can be upgraded to fixed version using the IBM Spectrum Discover 2.0.3.6 upgrader and IBM Spectrum Discover 2.0.4.3 upgrader.
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm spectrum discover | eq | 2.0.3.6 | |
ibm spectrum discover | eq | 2.0.4.3 |
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.002 Low
EPSS
Percentile
60.0%