IBM652CF81257329A6D8A4DF205B43AF20DA87085A71B4D2745320E44EE78D83864Security Bulletin: IBM Workload Scheduler is vulnerable to XML External Entity Injection (XXE) attack
10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
50.3%
Summary
IBM Workload Scheduler is vulnerable to XML External Entity Injection (XXE) exploitation in “Create Job on Broker” page.
Vulnerability Details
CVEID:CVE-2022-22486
**DESCRIPTION:**IBM Tivoli Workload Scheduler is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/226328 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Workload Scheduler | 9.4 |
| IBM Workload Scheduler | 9.5 |
| IBM Workload Scheduler | 10.1 |
Remediation/Fixes
APAR IJ36579 has been opened to address CVE-2022-22486.
A fix for APAR IJ36579 is available on FixCentral for 9.4 release (940-TIV-TWS-FP7-IJ36579) to be applied on top of 9.4.0.7.
APAR IJ36579 has also been included in IBM Workload Scheduler 9.5.0.6 Security Update and in IBM Workload Scheduler 10.1.0.1, both available from FixCentral.
Workarounds and Mitigations
None
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm workload scheduler | eq | 9.5 | |
| ibm workload scheduler | eq | 9.4 |
Related
10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
50.3%