Lucene search

IBM61F18635944D6A9D60C27EC2EF11435B9ED6ED3F77E46FBCA94733F8C1509114

HistoryMar 11, 2024 - 1:08 p.m.

Security Bulletin: Vulnerability in urllib3 affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0)[CVE-2021-33503]

2024-03-1113:08:06

www.ibm.com

ibm

cloud pak

data system

vulnerability

urllib3

redos

security patch

fix central

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.003 Low

EPSS

Percentile

68.7%

JSON

Summary

The urllib3 package is used by IBM Cloud Pak for Data System 2.0. IBM Cloud Pak for Data System 2.0 has addressed the applicable CVE[CVE-2021-33503] .

Vulnerability Details

CVEID:CVE-2021-33503
**DESCRIPTION:**urllib3 is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw due to catastrophic backtracking. By sending a specially-crafted URL request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/203109 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Cloud Pak for Data System 2.0	2.0.0.0 - 2.0.2.1

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by applying below security patch.

Affected Product(s)	VRMF	Remediation/Fixes
IBM Cloud Pak for Data System 2.0	2.0.2.1.IF1	Link to Fix Central

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm cloud pak for data systemeq2.0

CPE	Name	Operator	Version
	ibm cloud pak for data system	eq	2.0

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.003 Low

EPSS

Percentile

68.7%

JSON

Related for 61F18635944D6A9D60C27EC2EF11435B9ED6ED3F77E46FBCA94733F8C1509114