Lucene search

K
ibmIBM880822C9DB76103318BE5A49301C8759E23CBBF2A382CF228C22368E0EB555E2
HistoryJul 31, 2023 - 10:45 a.m.

Security Bulletin: Vulnerability in certifi-2018.4.16-py2.py3 affects IBM Cloud Pak for Data System 1.0(CPDS 1.0) [CVE-2022-23491]

2023-07-3110:45:43
www.ibm.com
6
certifi-2018.4.16-py2.py3
ibm cloud pak for data system 1.0
cve-2022-23491
trustcor's ownership
spyware
cvss base score 6.8
upgrade
fix central

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

22.8%

Summary

The certifi-2018.4.16-py2.py3 package is used by IBM Cloud Pak for Data System 1.0. IBM Cloud Pak for Data System 1.0 has addressed the applicable CVE [CVE-2022-23491].

Vulnerability Details

CVEID:CVE-2022-23491
**DESCRIPTION:**An unspecified error in with TrustCor’s ownership also operated a business that produced spyware in Certifi has an unknown impact and attack vector.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/241627 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Cloud Pak for Data System 1.0 1.0.0.0-1.0.8.1

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by upgrading to latest version.

Product VRMF Remediation/First Fix
IBM Cloud Pak for Data System 1.0 1.0.8.2 Link to Fix Central

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmcloud_pak_for_dataMatch1.0
CPENameOperatorVersion
ibm cloud pak for data systemeq1.0

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

22.8%