CVSS3: 7.5 High
Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | NONE |
Availability Impact | NONE |
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS2: 5 Medium
Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
cURL vulnerabilities were disclosed by the cURL Project. OpenSSL is used by IBM Workload Manager. IBM Workload Manager has addressed the applicable CVEs.
CVE-ID: CVE-2016-8616
Description: cURL/libcurl could allow a remote attacker to bypass security restrictions, caused by the use of case-insensitive comparisons. Where valid credentials exist for a protocol which supports connection-scoped credentials, an attacker could exploit this vulnerability to cause a connection to be reused.
CVSS Base Score: 5.300
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118633> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
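The connection-reuse flaw described for CVE-2016-8616, shown as an added example that is not libcurl's code and not part of the original bulletin: a simplified connection cache whose reuse check compares credentials case-insensitively, beside the byte-exact check that rejects the mismatch. The struct, function names and sample host and credentials are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strcasecmp (POSIX) */

/* Simplified model of a cached connection (hypothetical, not libcurl's struct). */
struct conn { const char *host, *user, *passwd; };

typedef int (*cred_cmp)(const struct conn *, const char *, const char *);

/* Flawed check: credentials are compared without regard to case. */
static int creds_match_nocase(const struct conn *c, const char *u, const char *p)
{
    return strcasecmp(c->user, u) == 0 && strcasecmp(c->passwd, p) == 0;
}

/* Corrected check: credentials must match byte for byte. */
static int creds_match_exact(const struct conn *c, const char *u, const char *p)
{
    return strcmp(c->user, u) == 0 && strcmp(c->passwd, p) == 0;
}

/* Return the index of a cached connection that may be reused, or -1 when a
 * new connection must be opened. Host names are case-insensitive by
 * definition; credentials are not. */
static int find_reusable(const struct conn *pool, size_t n, const char *host,
                         const char *user, const char *passwd, cred_cmp match)
{
    for (size_t i = 0; i < n; i++)
        if (strcasecmp(pool[i].host, host) == 0 && match(&pool[i], user, passwd))
            return (int)i;
    return -1;
}

/* Constructed sample: one connection already authenticated as alice. */
static const struct conn sample_pool[] = { { "ftp.example.com", "alice", "S3cret" } };

int reuse_flawed(const char *user, const char *passwd)
{
    return find_reusable(sample_pool, 1, "FTP.example.com", user, passwd, creds_match_nocase);
}

int reuse_exact(const char *user, const char *passwd)
{
    return find_reusable(sample_pool, 1, "FTP.example.com", user, passwd, creds_match_exact);
}

int main(void)
{
    printf("flawed check: %d\n", reuse_flawed("ALICE", "s3CRET"));
    printf("exact check:  %d\n", reuse_exact("ALICE", "s3CRET"));
    return 0;
}
```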
CVE-ID: CVE-2016-8621
Description: cURL/libcurl could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read error within the curl_getdate function. By using specially crafted date strings, a remote attacker could exploit this vulnerability to execute arbitrary code in the context of the process and obtain sensitive information.
CVSS Base Score: 5.300
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118639> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVE-ID: CVE-2016-8624
Description: cURL/libcurl could allow a remote attacker to bypass security restrictions, caused by the failure to parse the authority component of the URL when handling the ‘#’ character. By using a specially crafted URL with a ‘#’ character, an attacker could exploit this vulnerability to bypass access restrictions.
CVSS Base Score: 5.300
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118642> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
TWS uses cURL libraries only for secure communication.
These security exposures do not apply to the embedded WebSphere Application Server but only to the TWS dynamic agent. These are the affected releases:
Tivoli Workload Scheduler Distributed 8.6.0 FP04 and earlier
Tivoli Workload Scheduler Distributed 9.1.0 FP02 and earlier
Tivoli Workload Scheduler Distributed 9.2.0 FP02 and earlier
IBM Workload Scheduler Distributed 9.3.0 FP02 and earlier
IBM Workload Scheduler Distributed 9.4.0 GA
APAR IV92358 has been opened to address the cURL vulnerabilities for Tivoli Workload Scheduler.
The following limited availability fixes for IV92358 are available for download on FixCentral:
8.6.0-TIV-TWS-FP0004-IV92358, to be applied on top of Tivoli Workload Scheduler Distributed 8.6.0 FP04
9.1.0-TIV-TWS-FP0002-IV92358, to be applied on top of Tivoli Workload Scheduler Distributed 9.1.0 FP02
9.2.0-TIV-TWS-FP0002-IV92358, to be applied on top of Tivoli Workload Scheduler Distributed 9.2.0 FP02
IV92358 has already been included in TWS 9.3 FP0003 and TWS 9.4 FP0001.
For unsupported releases, IBM recommends upgrading to a fixed, supported release of the product.
None
CPE
Name | Operator | Version |
---|---|---|
ibm workload scheduler | eq | 8.6 |
ibm workload scheduler | eq | 9.1 |
ibm workload scheduler | eq | 9.2 |
ibm workload scheduler | eq | 9.3 |
ibm workload scheduler | eq | 9.4 |