IBM3BC8DA4B65B60DF9B4AE0D0EDBC16571B2FD4C5E3C4066E8DA623647115D47F6Security Bulletin: A Vulnerability in python-requests Affects IBM Decision Optimization for IBM Cloud Pak for Data (CVE-2023-32681)
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
0.002 Low
EPSS
Percentile
51.8%
Summary
Python-requests is used by IBM Decision Optimization for IBM Cloud Pak for Data. An information disclosure vulnerability in python-requests was addressed.
Vulnerability Details
CVEID:CVE-2023-32681
**DESCRIPTION:**python-requests could allow a remote attacker to obtain sensitive information, caused by the leaking of Proxy-Authorization headers to destination servers during redirects to an HTTPS origin. By persuading a victim to click on a specially crafted URL, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/256114 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| Decision Optimization for Cloud Pak for Data | All |
Remediation/Fixes
Users are strongly encouraged to upgrade to IBM Decision Optimization for IBM Cloud Pak for Data 4.7.2 and subsequent releases.
Here is the detailed information on Upgrading IBM Cloud Pak for Data
Workarounds and Mitigations
None
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| decision optimization for cloud pak for data | eq | any |
Related
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
0.002 Low
EPSS
Percentile
51.8%