Security Bulletin: Python (Publicly disclosed vulnerability) in IBM Tivoli Application Dependency Discovery Manager (CVE-2022-0391)

Summary

A Publicly disclosed vulnerability in Open Source Python affects IBM Tivoli Application Dependency Discovery Manager (CVE-2022-0391)

Vulnerability Details

CVEID:CVE-2022-0391
**DESCRIPTION:**Python could provide weaker than expected security, cause by a improper input validation by the urllib.parse module. By sending a specially-crafted request using \r and \n characters in the URL path. An attacker could exploit this vulnerability to perform injection attack or launch further attacks on the system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219613 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

Remediation/Fixes

In order to fix this vulnerability, Please follow the below steps:

Detailed steps:

For TADDM (7.3.0.8 - 7.3.0.9), please apply eFix given in Table-1.

Table-1

**For TADDM(7.3.0.0 - 7.3.0.7),**please upgrade TADDM to version 7.3.0.8 or 7.3.0.9 (preferably 7.3.0.9) and apply eFix given in Table-1.

Workarounds and Mitigations

The above eFixe(s) for the respective FixPack(s) can be downloaded and applied directly.