Lucene search

IBM2D7AC84E569B9DD9D0A8CDAB94996A0E7B04269B96683AF7F1AFBB822E46385C

HistoryNov 18, 2022 - 12:30 p.m.

Security Bulletin: Python (Publicly disclosed vulnerability) in IBM Tivoli Application Dependency Discovery Manager (CVE-2021-3733)

2022-11-1812:30:07

www.ibm.com

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.003 Low

EPSS

Percentile

65.7%

JSON

Summary

A Publicly disclosed vulnerability in Open Source Python affects IBM Tivoli Application Dependency Discovery Manager (CVE-2021-3733)

Vulnerability Details

CVEID:CVE-2021-3733
**DESCRIPTION:**Python is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the AbstractBasicAuthHandler class in urllib. By persuading a victim to visit a specially-crafted web site, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213034 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Tivoli Application Dependency Discovery Manager	7.3.0.3 -7.3.0.9

Remediation/Fixes

Fix	VRMF	APAR	How to acquire fix
efix_CVE-2021-3733_FP8201126.zip	7.3.0.3 -7.3.0.9	NONE	Download eFix

Workarounds and Mitigations

The above eFixe(s) for the respective FixPack(s) can be downloaded and applied directly.

CPENameOperatorVersion
tivoli application dependency discovery managereq7.3.0.

CPE	Name	Operator	Version
	tivoli application dependency discovery manager	eq	7.3.0.

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.003 Low

EPSS

Percentile

65.7%

JSON

Related for 2D7AC84E569B9DD9D0A8CDAB94996A0E7B04269B96683AF7F1AFBB822E46385C