Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM229E9A32ECFC92A3CA2BE525099E65C17C6052C881B00126E82BDA2A8AB3CEAC
HistoryFeb 13, 2024 - 4:30 p.m.

Security Bulletin: IBM Workload Automation potentially affected by a vulnerability in Google Guava (CVE-2023-2976)

2024-02-1316:30:07
www.ibm.com
11
ibm workload automation
google guava
vulnerability
sensitive information disclosure
cvss base score 5.5
apar ij47757
workaround
mitigation

5.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.5%

JSON

Summary

IBM Workload Automation is potentially affected by a vulnerability found in Google Guava that can cause sensitive information disclosure.

Vulnerability Details

CVEID:CVE-2023-2976
**DESCRIPTION:**Google Guava could allow a local authenticated attacker to obtain sensitive information, caused by a flaw with using Javaโ€™s default temporary directory for file creation in FileBackedOutputStream. By sending a specially crafted request, an attacker could exploit this vulnerability to access the files in the default Java temporary directory, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/258199 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Workload Scheduler 10.2

Remediation/Fixes

APAR IJ47757 has been opened to address the Google Guava vulnerability affecting IBM Workload Automation.
APAR IJ47757 is included in IBM Workload Automation 10.2.0.1, available on Fix Central.

Workarounds and Mitigations

None

Related

osv 2
ibm 41
nessus 25
cvelist 1
redhatcve 1
atlassian 3
cve 1
prion 1
redos 1
debiancve 1
cgr 1
ubuntucve 1
github 1
veracode 1
wolfi 1
openvas 2
intel 1
mageia 1
redhat 18
oracle 3
osv
osv
Guava vulnerable to insecure use of temporary directory
2023-06-14 18:30:38
CVE-2023-2976
2023-06-14 18:15:09
ibm
ibm
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to loss of confidentiality due to [CVE-2023-2976]
2023-07-28 14:33:31
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a sensitive information exposure in Google Guava [CVE-2023-2976]
2023-09-29 20:53:41
Security Bulletin: Google Guava component is vulnerable to CVE-2023-2976 is used by IBM Jazz Reporting Services.
2023-10-04 07:50:44
nessus
nessus
Amazon Linux 2023 : guava, guava-javadoc, guava-testlib (ALAS2023-2023-305)
2023-08-24 00:00:00
Amazon Linux 2023 : guava, guava-javadoc, guava-testlib (ALAS2023-2023-458)
2023-12-15 00:00:00
Atlassian Jira Service Management Data Center and Server < 5.4.16 / 5.5.x < 5.12.3 / 5.13.x < 5.13.1 / 5.14.0 (JSDSERVER-15111)
2024-03-25 00:00:00
cvelist
cvelist
CVE-2023-2976 Use of temporary directory for file creation in `FileBackedOutputStream` in Guava
2023-06-14 17:36:40
redhatcve
redhatcve
CVE-2023-2976
2023-07-01 06:23:57
atlassian
atlassian
com.google.guava:guava Dependency in Confluence Data Center and Server
2024-02-14 20:46:01
Info Disclosure com.google.guava:guava in Jira Software Data Center and Server
2023-11-14 03:45:23
com.google.guava:guava Dependency in Jira Service Management Data Center and Server
2024-02-12 03:45:36
cve
cve
CVE-2023-2976
2023-06-14 18:15:09
prion
prion
Design/Logic Flaw
2023-06-14 18:15:00
redos
redos
ROS-20240507-03
2024-05-07 00:00:00
debiancve
debiancve
CVE-2023-2976
2023-06-14 18:15:09
cgr
cgr
CVE-2023-2976 vulnerabilities
2024-05-19 03:07:16
ubuntucve
ubuntucve
CVE-2023-2976
2023-06-14 00:00:00
github
github
Guava vulnerable to insecure use of temporary directory
2023-06-14 18:30:38
veracode
veracode
Information Disclosure
2023-06-15 11:50:55
wolfi
wolfi
CVE-2023-2976 vulnerabilities
2024-05-31 21:07:36
openvas
openvas
Mageia: Security Advisory (MGASA-2024-0159)
2024-05-01 00:00:00
openSUSE: Security Advisory for guava (SUSE-SU-2023:3090-1)
2024-03-04 00:00:00
intel
intel
Intelยฎ Unisonโ„ข Software Advisory
2024-02-13 00:00:00
mageia
mageia
Updated guava packages fix security vulnerabilities
2024-05-01 01:25:14
redhat
redhat
(RHSA-2023:5491) Moderate: Red Hat AMQ Broker 7.11.2 release and security update
2023-10-05 22:36:05
(RHSA-2024:2707) Important: Red Hat Build of Apache Camel security update
2024-05-06 14:08:42
(RHSA-2023:7641) Important: Red Hat JBoss Enterprise Application Platform 7.4.14 security update
2023-12-04 18:00:34
oracle
oracle
Oracle Critical Patch Update Advisory - October 2023
2023-10-17 00:00:00
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00
Oracle Critical Patch Update Advisory - April 2024
2024-04-16 00:00:00

5.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.5%

JSON
Related for 229E9A32ECFC92A3CA2BE525099E65C17C6052C881B00126E82BDA2A8AB3CEAC
osv2ibm41nessus25cvelist1redhatcve1atlassian3cve1prion1redos1debiancve1cgr1ubuntucve1github1veracode1wolfi1openvas2intel1mageia1redhat18oracle3