Feb 13, 2024 - 4:18 p.m.

Security Bulletin: IBM Workload Automation potentially affected by a vulnerability in Okio GzipSource (CVE-2023-3635)

2024-02-13 16:18:06
www.ibm.com
Tags: ibm workload automation, okio gzipsource, denial of service, vulnerability, cve-2023-3635

CVSS3: 7.5 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score: 7 High (Confidence: High)

EPSS: 0.001 Low (Percentile: 19.8%)

Summary

IBM Workload Automation is potentially affected by a vulnerability found in Okio GzipSource that can cause denial of service.

Vulnerability Details

**CVEID:** CVE-2023-3635
**DESCRIPTION:** Okio GzipSource is vulnerable to a denial of service, caused by an unhandled exception. By sending a specially crafted gzip buffer, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/260866 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Workload Scheduler | 10.2 |

Remediation/Fixes

APAR IJ47752 has been opened to address the Okio GzipSource vulnerability affecting IBM Workload Automation.
APAR IJ47752 is included in IBM Workload Automation 10.2.0.1, available on Fix Central.

Workarounds and Mitigations

None

Affected configurations

Vulners node:
ibm workload_scheduler Match 10.1
OR
ibm workload_scheduler Match 9.5
