IBM Workload Scheduler is affected by a vulnerability in OpenSSL that can cause denial of service (CVE-2023-6237)
**CVEID:** CVE-2023-6237
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in the handling of RSA public keys by the EVP_PKEY_public_check() function. By persuading a victim to use a specially crafted RSA public key for verification, a remote attacker could exploit this vulnerability to cause long delays, resulting in a denial of service condition.
CVSS Base score: 3.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/279450 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)
Affected Product(s) | Version(s) |
---|---|
IBM Workload Scheduler | 10.2 to 10.2.1 |
IBM strongly recommends addressing the vulnerability now by upgrading IBM Workload Scheduler.
APAR IJ52173 has been opened to address the OpenSSL vulnerability for IBM Workload Scheduler.
APAR IJ52173 is included in version 10.2.2, available on Fix Central.
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | workload_scheduler | 10.2 | cpe:2.3:a:ibm:workload_scheduler:10.2:*:*:*:*:*:*:* |