Lucene search

IBM34C6B869E674ABD398A4368ED654A4963DA9F6B46EBD2BDAE4613BDC3D7816D4

HistoryFeb 28, 2024 - 3:27 p.m.

Security Bulletin: IBM Spectrum Conductor with urllib3 could allow a remote authenticated attacker to obtain sensitive information

2024-02-2815:27:52

www.ibm.com

ibm spectrum conductor

urllib3

authenticated attacker

sensitive information

remote

cve-2023-45803

http redirect

cvss

security patch

vulnerability

fix

CVSS3

4.2

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score

6.3

Confidence

Low

EPSS

Percentile

9.8%

JSON

Summary

IBM Spectrum Conductor with urllib3 could allow a remote authenticated attacker to obtain sensitive information

Vulnerability Details

CVEID:CVE-2023-45803
**DESCRIPTION:**urllib3 could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw with not remove the HTTP request body when an HTTP redirect response using status 303. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 4.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/269079 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Spectrum Conductor	IBM Spectrum Conductor 2.5.1

Remediation/Fixes

IBM strongly suggests the following remediation or fix:

Upgrade to the latest versions of IBM Spectrum Conductor 2.5.1 FP2 and security patch (IBM Spectrum Conductor 2.5.1 with Fix 601861).

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmspectrum_controlMatch2.5.1

VendorProductVersionCPE
ibmspectrum_control2.5.1cpe:2.3:a:ibm:spectrum_control:2.5.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	spectrum_control	2.5.1	cpe:2.3:a:ibm:spectrum_control:2.5.1:::::::*

CVSS3

4.2

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score

6.3

Confidence

Low

EPSS

Percentile

9.8%

JSON

Related for 34C6B869E674ABD398A4368ED654A4963DA9F6B46EBD2BDAE4613BDC3D7816D4