CVSS3

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | HIGH |
Privileges Required | NONE |
User Interaction | NONE |
Scope | CHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score Confidence: High
IBM Workload Scheduler is affected by multiple vulnerabilities in Apache Commons Compress that can cause denial of service (CVE-2024-25710, CVE-2024-26308)
CVEID: CVE-2024-25710
**DESCRIPTION:** Apache Commons Compress is vulnerable to a denial of service, caused by an infinite loop flaw. By persuading a victim to open a specially crafted DUMP file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/283472 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2024-26308
**DESCRIPTION:** Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error. By persuading a victim to open a specially crafted Pack200 file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/283469 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM Workload Scheduler | 9.5 to 9.5.0.6 Security 2023.03 |
IBM Workload Scheduler | 10.1 to 10.1.0.4 |
IBM Workload Scheduler | 10.2 to 10.2.1 |
IBM strongly recommends addressing the vulnerability now by upgrading IBM Workload Scheduler.
APAR IJ52193 has been opened to address the Apache Commons Compress vulnerability for IBM Workload Scheduler.
APAR IJ52193 has been included in versions 9.5.0.7, 10.1.0.5 and 10.2.2, available on Fix Central.
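A triage helper for the affected ranges and fix levels listed in this bulletin, added here as an example and not IBM tooling. The function names and the sample inventory are hypothetical, and treating levels above a listed fix level as fixed is an assumption.

```python
from itertools import zip_longest

# (first affected, last affected, first fixed) per release line, copied from the bulletin.
RELEASE_LINES = [
    ("9.5", "9.5.0.6", "9.5.0.7"),
    ("10.1", "10.1.0.4", "10.1.0.5"),
    ("10.2", "10.2.1", "10.2.2"),
]

def parse(version):
    """'10.2.1' -> (10, 2, 1); reject anything that is not dotted integers."""
    parts = version.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(int(p) for p in parts)

def compare(a, b):
    """-1, 0 or 1, treating missing components as 0 so 10.2 == 10.2.0.0."""
    for x, y in zip_longest(a, b, fillvalue=0):
        if x != y:
            return -1 if x < y else 1
    return 0

def classify(version):
    """Return (status, upgrade_target) for one installed version string."""
    v = parse(version)
    for low, high, fixed in RELEASE_LINES:
        if (v + (0, 0))[:2] != parse(low)[:2]:
            continue  # different major.minor release line
        if compare(v, parse(high)) <= 0:
            return ("affected", fixed)
        if compare(v, parse(fixed)) >= 0:
            # Assumption: levels after the listed fix level keep APAR IJ52193.
            return ("fixed", None)
    return ("not listed", None)  # the bulletin makes no statement about it

def triage(inventory):
    """Map {host: version} to {host: fix level} for hosts in an affected range."""
    results = {host: classify(ver) for host, ver in inventory.items()}
    return {host: target for host, (status, target) in results.items()
            if status == "affected"}

if __name__ == "__main__":
    # Constructed inventory; host names and versions are made up for the example.
    sample = {"mdm-01": "9.5.0.6", "agent-07": "10.1.0.5", "dwc-02": "10.2"}
    for host, target in triage(sample).items():
        print(f"{host}: upgrade to {target}")
```

Version strings that carry a suffix other than dotted integers raise `ValueError` so they are reviewed by hand instead of being silently classified.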
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | workload_scheduler | 9.5 | cpe:2.3:a:ibm:workload_scheduler:9.5:*:*:*:*:*:*:* |
ibm | workload_scheduler | 10.1 | cpe:2.3:a:ibm:workload_scheduler:10.1:*:*:*:*:*:*:* |
ibm | workload_scheduler | 10.2 | cpe:2.3:a:ibm:workload_scheduler:10.2:*:*:*:*:*:*:* |