7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
58.9%
A Publicly disclosed vulnerability in Open Source Python affects IBM Tivoli Application Dependency Discovery Manager (CVE-2022-0391)
CVEID:CVE-2022-0391
**DESCRIPTION:**Python could provide weaker than expected security, cause by a improper input validation by the urllib.parse module. By sending a specially-crafted request using \r and \n characters in the URL path. An attacker could exploit this vulnerability to perform injection attack or launch further attacks on the system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219613 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Tivoli Application Dependency Discovery Manager | 7.3.0.0 - 7.3.0.9 |
In order to fix this vulnerability, Please follow the below steps:
Detailed steps:
For TADDM (7.3.0.8 - 7.3.0.9), please apply eFix given in Table-1.
Table-1
Fix | VRMF | APAR | How to acquire fix |
---|---|---|---|
efix_CVE-2022-0391_FP9211123.zip | 7.3.0.8 -7.3.0.9 | NONE | Download eFix |
**For TADDM(7.3.0.0 - 7.3.0.7),**please upgrade TADDM to version 7.3.0.8 or 7.3.0.9 (preferably 7.3.0.9) and apply eFix given in Table-1.
The above eFixe(s) for the respective FixPack(s) can be downloaded and applied directly.
CPE | Name | Operator | Version |
---|---|---|---|
tivoli application dependency discovery manager | eq | 7.3.0. |
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
58.9%