IBM8385FD09769E1146D4CC046CA95DE558168CAFD3D1ECAE66E41AB520A344159CSecurity Bulletin: Vulnerability in CloudPak for Watson AIOps. [CVE-2023-41419]
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
55.2%
Summary
Gevent vulnerability was addressed in IBM Cloud Pak for Watson AIOps version 4.2.1. [CVE-2023-41419]
Vulnerability Details
CVEID:CVE-2023-41419
**DESCRIPTION:**Gevent could allow a remote attacker to gain elevated privileges on the system, caused by a flaw in the WSGIServer component. By using a specially crafted script , an attacker could exploit this vulnerability to gain elevated privileges.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/267078 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Cloud Pak for Watson AIOps | 4.2.0 |
Remediation/Fixes
IBM strongly suggests that you address the vulnerabilities now for all affected products/versions listed above by installing Fix:
<https://www.ibm.com/docs/SSJGDOB_4.2.1/upgrading/upgrading.html>
Workarounds and Mitigations
None
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm cloud pak for watson aiops | eq | 4.2.1 |
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
55.2%