Mar 29, 2024 - 1:37 a.m.

Security Bulletin: Due to use of Apache Pulsar, IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library is vulnerable to security restrictions bypass

2024-03-29 01:37:10
www.ibm.com

CVSS3: 7.4

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score: 6.7 (Confidence: High)

EPSS: 0.001 (Percentile: 34.6%)

Summary

Apache Pulsar is used by IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library. The vulnerability below has been addressed. [CVE-2023-51437]

Vulnerability Details

**CVEID:** CVE-2023-51437
**DESCRIPTION:** Apache Pulsar could allow a remote attacker to bypass security restrictions, caused by an observable timing discrepancy in SASL Authentication Provider. An attacker could exploit this vulnerability to forge an SASL Role Token that will pass signature verification.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/281597 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

Affected Products and Versions

Affected Product(s) | Version(s)
---|---
Transport Module Common Integration Library | common-transportmodule-29_0 up to and including common-transportmodule-38_4

Remediation/Fixes

Product(s) | Version(s) | Remediation / First Fix
---|---|---
Transport Module Common Integration Library | common-transportmodule-39_0 | Refer to release notice for the part number of the new package and instructions for the upgrade.

Workarounds and Mitigations

None

Affected configurations

Vulners node: ibm tivoli_netcool_webtop, Match 8.1.0

Vendor | Product | Version | CPE
---|---|---|---
ibm | tivoli_netcool_webtop | 8.1.0 | cpe:2.3:a:ibm:tivoli_netcool_webtop:8.1.0:*:*:*:*:*:*:*
