History: May 02, 2023 - 5:53 p.m.

Security Bulletin: Python Packaging Authority (PyPA) Wheel is vulnerable to CVE-2022-40898 used in IBM Maximo Application Suite

2023-05-02 17:53:15
www.ibm.com

CVSS3: 7.5 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS2: 5 Medium

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

Summary

IBM Maximo Application Suite uses Python Packaging Authority (PyPA) Wheel which is vulnerable to CVE-2022-40898.

Vulnerability Details

CVEID: CVE-2022-40898
**DESCRIPTION:** Python Packaging Authority (PyPA) Wheel is vulnerable to a denial of service. A remote attacker could exploit this vulnerability using the WHEEL_INFO_RE regular expression to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/243027 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
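
The bulletin attributes the denial of service to a regular expression, WHEEL_INFO_RE, which wheel applies to wheel filenames. As an added example (not code from IBM or the PyPA wheel project), the Python below parses the PEP 427 filename layout with a length cap and a single split instead of a backtracking pattern, so its cost stays linear in the input length. `parse_wheel_filename`, `is_valid_wheel_filename`, `InvalidWheelFilename` and the 255-character cap are assumptions of this example.

```python
# Added example: regex-free parsing of the PEP 427 wheel filename layout
#   {name}-{version}[-{build}]-{python}-{abi}-{platform}.whl
# All names below are assumptions of this example, not the wheel project's API.

MAX_FILENAME_LEN = 255  # assumed cap; a common filesystem name limit


class InvalidWheelFilename(ValueError):
    """Raised when a filename does not follow the layout above."""


def parse_wheel_filename(filename: str) -> dict:
    """Return the filename's fields; work done is linear in len(filename)."""
    # Reject oversized input before doing any per-character work.
    if len(filename) > MAX_FILENAME_LEN:
        raise InvalidWheelFilename("filename too long")
    if not filename.endswith(".whl"):
        raise InvalidWheelFilename("missing .whl extension")
    stem = filename[: -len(".whl")]
    if any(ch.isspace() for ch in stem):
        raise InvalidWheelFilename("whitespace in filename")
    # PEP 427 escapes '-' inside a component to '_', so one split is enough
    # and there is no ambiguity for a matcher to backtrack over.
    parts = stem.split("-")
    if len(parts) not in (5, 6) or not all(parts):
        raise InvalidWheelFilename("expected 5 or 6 non-empty fields")
    build = None
    if len(parts) == 6:
        build = parts[2]
        if build[0] not in "0123456789":
            raise InvalidWheelFilename("build tag must start with a digit")
    pyver, abi, plat = parts[-3:]
    return {"name": parts[0], "ver": parts[1], "build": build,
            "pyver": pyver, "abi": abi, "plat": plat}


def is_valid_wheel_filename(filename: str) -> bool:
    """Boolean wrapper for use as an upload or index-time filter."""
    try:
        parse_wheel_filename(filename)
    except InvalidWheelFilename:
        return False
    return True
```

A filter like this can sit in front of any service that accepts wheel filenames from untrusted sources; it complements the fix packs listed in this bulletin and does not replace them.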

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Maximo Application Suite | 8.8 |
| IBM Maximo Application Suite | 8.9 |

Remediation/Fixes

| Affected Product(s) | Fix pack Version(s) |
| --- | --- |
| IBM Maximo Application Suite | 8.8.6 or the latest (available from the Catalog under Update Available) |
| IBM Maximo Application Suite | 8.9.2 or the latest (available from the Catalog under Update Available) |

Workarounds and Mitigations

None
