IBM Workload Automation is potentially affected by a vulnerability found in Google Guava that can cause sensitive information disclosure.
**CVEID:** CVE-2023-2976
**DESCRIPTION:** Google Guava could allow a local authenticated attacker to obtain sensitive information, caused by a flaw with using Java's default temporary directory for file creation in FileBackedOutputStream. By sending a specially crafted request, an attacker could exploit this vulnerability to access the files in the default Java temporary directory, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/258199 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
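
The class of problem described above can be observed on any POSIX host with the added example below, which is not IBM or Guava code. It uses the JDK's own `File.createTempFile` as a stand-in for a library that spools data into the default temporary directory, and compares the resulting file mode with a file created through `Files.createTempFile` with explicit owner-only permissions. The class name, file prefix and helper names are hypothetical.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.EnumSet;
import java.util.Set;

// Added illustration; assumes a POSIX file system (Linux, AIX, macOS).
public class TempFilePermissions {

    private static final Set<PosixFilePermission> OWNER_ONLY = EnumSet.of(
            PosixFilePermission.OWNER_READ,
            PosixFilePermission.OWNER_WRITE,
            PosixFilePermission.OWNER_EXECUTE);

    // True when any group or other permission bit is set on the file.
    static boolean exposedBeyondOwner(Path p) throws IOException {
        Set<PosixFilePermission> perms = Files.getPosixFilePermissions(p);
        return !OWNER_ONLY.containsAll(perms);
    }

    static void report(String api, Path p) throws IOException {
        String mode = PosixFilePermissions.toString(Files.getPosixFilePermissions(p));
        System.out.printf("%-22s %s  %s%n", api, mode,
                exposedBeyondOwner(p) ? "group/other bits set" : "owner-only");
    }

    public static void main(String[] args) throws IOException {
        System.out.println("java.io.tmpdir = " + System.getProperty("java.io.tmpdir"));

        // Legacy API: the file is created in java.io.tmpdir and its mode is
        // derived from the process umask (commonly rw-r--r--).
        File legacy = File.createTempFile("spool", ".tmp");
        legacy.deleteOnExit();

        // NIO API with an explicit mode: owner read/write only, regardless
        // of how permissive the umask of the running service is.
        Path hardened = Files.createTempFile("spool", ".tmp",
                PosixFilePermissions.asFileAttribute(
                        PosixFilePermissions.fromString("rw-------")));
        hardened.toFile().deleteOnExit();

        report("File.createTempFile", legacy.toPath());
        report("Files.createTempFile", hardened);
    }
}
```

The mode reported for the legacy call depends on the umask of the account running the JVM, so run it under the same service account as the workload being assessed.
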
Affected Product(s) | Version(s) |
---|---|
IBM Workload Scheduler | 10.2 |
APAR IJ47757 has been opened to address the Google Guava vulnerability affecting IBM Workload Automation.
APAR IJ47757 is included in IBM Workload Automation 10.2.0.1, available on Fix Central.
None
CPE | Name | Operator | Version |
---|---|---|---|
 | ibm workload scheduler | eq | 10.1 |
 | ibm workload scheduler | eq | 9.5 |