History: Aug 09, 2021 - 3:26 p.m.

Security Bulletin: Stack overflow via TIS_CODESET environment variable in IBM Workload Scheduler

2021-08-09 15:26:30
www.ibm.com

EPSS: 0.0004 Low, Percentile: 5.1%

Summary

Stack overflow via TIS_CODESET environment variable in IBM Workload Scheduler chkhltst program on Linux, Unix.

Vulnerability Details

CVEID: CVE-2021-20349
**DESCRIPTION:** IBM Tivoli Workload Scheduler is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and gain lower level privileges.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/194599 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
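
The bulletin publishes no code, so the following is an added C illustration of the bug class it names (an environment variable copied into a fixed stack buffer without a bounds check) beside a bounds-checked form. It is not IBM Workload Scheduler code; the buffer size, the function names and the allowed character set are assumptions.

```c
/* Added illustration of the bug class; not IBM Workload Scheduler code.
 * CODESET_MAX, the function names and the allowed characters are assumptions. */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CODESET_MAX 32 /* assumed size of the fixed stack buffer */

/* Unsafe pattern, shown for contrast and never called: an environment value
 * of arbitrary length is copied into a fixed-size stack buffer. */
void codeset_unsafe(void)
{
    char buf[CODESET_MAX];
    const char *v = getenv("TIS_CODESET");
    if (v != NULL) {
        strcpy(buf, v); /* no bound: writes past buf once strlen(v) >= CODESET_MAX */
        printf("codeset=%s\n", buf);
    }
}

/* Hardened form: bound the length before copying, then allow-list the
 * characters. Returns 0 and fills out on success; returns -1 and leaves
 * out empty when the value is missing, empty, too long or malformed. */
int codeset_checked(const char *v, char *out, size_t outlen)
{
    size_t n, i;
    if (out == NULL || outlen == 0)
        return -1;
    out[0] = '\0';
    if (v == NULL || v[0] == '\0' || memchr(v, '\0', outlen) == NULL)
        return -1; /* memchr stops at the terminator or after outlen bytes */
    n = strlen(v);
    for (i = 0; i < n; i++) {
        unsigned char c = (unsigned char)v[i];
        if (!isalnum(c) && c != '-' && c != '_' && c != '.')
            return -1;
    }
    memcpy(out, v, n + 1); /* n + 1 <= outlen, guaranteed by the memchr check */
    return 0;
}

int main(void)
{
    char cs[CODESET_MAX];
    int rc = codeset_checked(getenv("TIS_CODESET"), cs, sizeof cs);
    printf("%s\n", rc == 0 ? cs : "TIS_CODESET missing or rejected");
    return rc == 0 ? 0 : 1;
}
```

Rejecting an over-long value outright, rather than truncating it, keeps the program from running with a codeset name the caller never intended.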

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Workload Scheduler | 9.5 |
| IBM Workload Scheduler | 9.4 |

Remediation/Fixes

APAR IJ30794 has been opened to address CVE-2021-20349.
APAR IJ30794 is included in IBM Workload Scheduler 9.5.0.4. For the 9.4 release it is already available on Fix Central as 940-TIV-TWS-FP7-IJ30794, to be applied on top of 9.4.0.7.

Workarounds and Mitigations

None
