History: Sep 03, 2024 - 10:46 p.m.

Security Bulletin: vulnerability in OpenSSL affects IBM Workload Scheduler.

2024-09-03 22:46:37
www.ibm.com
ibm workload scheduler
openssl
vulnerability
denial of service

AI Score: 6.1
Confidence: High
EPSS: 0
Percentile: 16.4%

Summary

IBM Workload Scheduler is affected by a vulnerability in OpenSSL that can cause denial of service (CVE-2023-6237)

Vulnerability Details

**CVEID:** CVE-2023-6237
**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a flaw in the handling of RSA public keys by the EVP_PKEY_public_check() function. By persuading a victim to use a specially crafted RSA public key for verification, a remote attacker could exploit this vulnerability to cause long delays, resulting in a denial of service condition.
CVSS Base score: 3.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/279450 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Workload Scheduler | 10.2 to 10.2.1 |

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by upgrading IBM Workload Scheduler.

APAR IJ52173 has been opened to address the OpenSSL vulnerability for IBM Workload Scheduler.
APAR IJ52173 has been included in version 10.2.2, available on Fix Central.

Workarounds and Mitigations

None

Affected configurations

Vulners
Node: ibm workload_scheduler, Match 10.2

| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| ibm | workload_scheduler | 10.2 | `cpe:2.3:a:ibm:workload_scheduler:10.2:*:*:*:*:*:*:*` |