Lucene search

IBM340B9327A8958BF1CAF7694F2BECF8171C480DD0A0C52F21ACB1D348482FD312

HistoryJun 28, 2024 - 12:44 p.m.

Security Bulletin: A vulnerability in setuptools affects Data Replication on Cloud Pak for Data

2024-06-2812:44:17

www.ibm.com

vulnerability

denial of service

setuptools

data replication

cloud pak for data

fix pack

update

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

6.8 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.5%

JSON

Summary

A vulnerability in the setuptools package has been addressed.

Vulnerability Details

CVEID:CVE-2022-40897
**DESCRIPTION:**Pypa Setuptools is vulnerable to a denial of service, caused by improper input validation. By sending request with a specially crafted regular expression, an remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/243028 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s)	Version(s)
Data Replication on Cloud Pak for Data	All before 4.7.1

Remediation/Fixes

Update to the latest product fix pack found here: <https://www.ibm.com/docs/en/cloud-paks/cp-data/4.8.x?topic=new-data-replication>

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmcognos_analytics_cartridge_for_ibm_cloud_pak_for_dataMatch4.6.4

ibmcognos_analytics_cartridge_for_ibm_cloud_pak_for_dataMatch4.6.5

ibmcognos_analytics_cartridge_for_ibm_cloud_pak_for_dataMatch4.7.0

ibmcognos_analytics_cartridge_for_ibm_cloud_pak_for_dataMatch4.7.1

ibmcognos_analytics_cartridge_for_ibm_cloud_pak_for_dataMatch4.7.2

CPENameOperatorVersion
ibm data replication cartridge for ibm cloud pak for dataeq4.6.4
ibm data replication cartridge for ibm cloud pak for dataeq4.6.5
ibm data replication cartridge for ibm cloud pak for dataeq4.7.0
ibm data replication cartridge for ibm cloud pak for dataeq4.7.1
ibm data replication cartridge for ibm cloud pak for dataeq4.7.2

Name	Operator	Version
ibm data replication cartridge for ibm cloud pak for data	eq	4.6.4
ibm data replication cartridge for ibm cloud pak for data	eq	4.6.5
ibm data replication cartridge for ibm cloud pak for data	eq	4.7.0
ibm data replication cartridge for ibm cloud pak for data	eq	4.7.1
ibm data replication cartridge for ibm cloud pak for data	eq	4.7.2