6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
0.002 Low
EPSS
Percentile
51.8%
Python-requests is used by IBM Decision Optimization for IBM Cloud Pak for Data. An information disclosure vulnerability in python-requests was addressed.
CVEID:CVE-2023-32681
**DESCRIPTION:**python-requests could allow a remote attacker to obtain sensitive information, caused by the leaking of Proxy-Authorization headers to destination servers during redirects to an HTTPS origin. By persuading a victim to click on a specially crafted URL, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/256114 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
Decision Optimization for Cloud Pak for Data | All |
Users are strongly encouraged to upgrade to IBM Decision Optimization for IBM Cloud Pak for Data 4.7.2 and subsequent releases.
Here is the detailed information on Upgrading IBM Cloud Pak for Data
None
CPE | Name | Operator | Version |
---|---|---|---|
decision optimization for cloud pak for data | eq | any |
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
0.002 Low
EPSS
Percentile
51.8%