CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
IBM Workload Scheduler is affected by vulnerability found in glibc that can cause Denial of Service (CVE-2024-33601).
CVEID:CVE-2024-33601
**DESCRIPTION:**glibc is vulnerable to a denial of service, caused by a memory allocation failure when the Name Service Cache Daemon’s (nscd) netgroup cache uses the xmalloc or xrealloc functions. A local attacker could exploit this vulnerability to terminate the daemon.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/290170 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Affected Product(s) | Version(s) |
---|---|
IBM Workload Scheduler | 9.5 to 9.5.0.6 Security 2023.03 |
IBM Workload Scheduler | 10.1 to 10.1.0.4 |
IBM Workload Scheduler | 10.2 to 10.2.1 |
APAR IJ52172 has been opened to address glibc vulnerability affecting IBM Workload Automation. The fix is included in IBM Workload Scheduler 9.5.0.7, IBM Workload Scheduler 10.1.0.5 and IBM Workload Scheduler 10.2.2, available on Fix Central.
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | workload_scheduler | 9.5 | cpe:2.3:a:ibm:workload_scheduler:9.5:*:*:*:*:*:*:* |
ibm | workload_scheduler | 10.1 | cpe:2.3:a:ibm:workload_scheduler:10.1:*:*:*:*:*:*:* |
ibm | workload_scheduler | 10.2 | cpe:2.3:a:ibm:workload_scheduler:10.2:*:*:*:*:*:*:* |
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High