IBM760DB09CCA6169B30D7ACE1A2EEE1C63197F3668C02D285420D46251528E5A67Security Bulletin: Vulnerability in IBM WebSphere Application Server (CVE-2023-27554) shipped with IBM Workload Scheduler 9.4
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS
Percentile
47.6%
Summary
IBM WebSphere Application Server (WAS) is shipped as a component of IBM Workload Scheduler, which results in IBM Workload Scheduled being impacted by this vulnerability. IBM WebSphere Application Server traditional is vulnerable to an XML External Entity (XXE) Injection vulnerability. This has been addressed.
Vulnerability Details
Refer to the security bulletin(s) listed in the Remediation/Fixes section
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Workload Scheduler | 9.4 |
Remediation/Fixes
Refer to the following security bulletin for vulnerability details and information about fixes addressed by IBM WebSphere Application Server (WAS) which is shipped with IBM Workload Scheduler. IBM recommends that these remediations are applied to all instances of IBM Workload Scheduler.
<https://www.ibm.com/support/pages/node/6989451>
Workarounds and Mitigations
None
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | workload_scheduler | 9.4 | cpe:2.3:a:ibm:workload_scheduler:9.4:*:*:*:*:*:*:* |
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS
Percentile
47.6%