CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
34.6%
Pulsar is used by IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library. [CVE-2023-51437] The below vulnerability have been addressed.
CVEID:CVE-2023-51437
**DESCRIPTION:**Apache Pulsar could allow a remote attacker to bypass security restrictions, caused by an observable timing discrepancy in SASL Authentication Provider. An attacker could exploit this vulnerability to forge an SASL Role Token that will pass signature verification.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/281597 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
Affected Product(s) | Version(s) |
---|
Transport Module Common Integration Library
|
common-transportmodule-29_0 up to and including common-transportmodule-38_4.
Product(s)
|
Version(s)
|
Remediation / First Fix
—|—|—
Transport Module Common Integration Library
|
common-transportmodule-39_0
|
Refer to release notice for the part number of the new package and instructions for the upgrade.
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | tivoli_netcool_webtop | 8.1.0 | cpe:2.3:a:ibm:tivoli_netcool_webtop:8.1.0:*:*:*:*:*:*:* |
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
34.6%