CVSS3: 5.5 Medium
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |

AI Score: 8.5 High (Confidence: High)
EPSS: 0.001 Low (Percentile: 47.9%)
XZ is used by IBM Robotic Process Automation for Cloud Pak as part of base container images, Watson NLP and WebSphere Liberty. (CVE-2020-22916). File is used by IBM Robotic Process Automation for Cloud Pak as part of the base container images, Watson NLP and WebSphere Liberty. (CVE-2022-48554). GNU gdb is used by IBM Robotic Process Automation for Cloud Pak as part of the base container images and WebSphere Liberty. (CVE-2023-39128, CVE-2023-39130).
CVEID: CVE-2020-22916
**DESCRIPTION:** XZ is vulnerable to a denial of service, caused by a flaw in the decompression algorithm when processing archive files. By persuading a victim to decompress a specially crafted file, a remote attacker could exploit this vulnerability to conduct a decompression bomb attack, resulting in a denial of service. Note: the vendor disputes this vulnerability, as the decompression of 17,486 bytes always results in 114,881,179 bytes, which is often a reasonable size increase.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/266535 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
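Whether or not the expansion ratio above counts as a flaw in XZ itself, the practical mitigation sits on the consuming side: never inflate untrusted archives into unbounded memory or disk. The following is an added example (not IBM's, XZ's or this bulletin's code) showing how a consumer can stream an .xz decompression through Python's standard `lzma` module and abort as soon as the output would exceed an absolute cap or an expansion ratio. The sample archive is constructed in the code (a few hundred bytes that expand to 4 MiB of zeros) to imitate the bomb-like shape; it is not the CVE-2020-22916 file, and the 64 KiB chunk size and the limits chosen are assumptions.

```python
import lzma
from typing import Optional


class DecompressionLimitExceeded(Exception):
    """Raised when decompressed output would exceed the configured limit."""


def make_sample_xz(size: int = 4 * 1024 * 1024) -> bytes:
    """Constructed sample input (not the CVE-2020-22916 file): a tiny .xz
    stream that expands to `size` zero bytes, i.e. the bomb-like shape."""
    return lzma.compress(b"\x00" * size, format=lzma.FORMAT_XZ)


def bounded_xz_decompress(data: bytes, max_output: int,
                          max_ratio: Optional[float] = None,
                          chunk: int = 64 * 1024) -> bytes:
    """Decompress an .xz stream, refusing to produce more than `max_output`
    bytes and, if `max_ratio` is given, more than `max_ratio` times the
    compressed size.

    The limit is enforced while streaming, so a bomb is rejected after at
    most `max_output + chunk` bytes have been produced, instead of after the
    whole archive has been inflated into memory."""
    dec = lzma.LZMADecompressor(format=lzma.FORMAT_XZ)
    out = bytearray()
    # Feed all compressed input up front; max_length caps the output of each
    # call so the running total can be checked between calls.
    produced = dec.decompress(data, max_length=chunk)
    while True:
        total = len(out) + len(produced)
        if total > max_output:
            raise DecompressionLimitExceeded(
                f"output would exceed {max_output} bytes")
        if max_ratio is not None and total > max_ratio * len(data):
            raise DecompressionLimitExceeded(
                f"expansion ratio would exceed {max_ratio}:1")
        out += produced
        if dec.eof:
            return bytes(out)
        if dec.needs_input:
            # All input has been consumed but no end-of-stream was seen.
            raise lzma.LZMAError("truncated xz stream")
        produced = dec.decompress(b"", max_length=chunk)


if __name__ == "__main__":
    sample = make_sample_xz()
    full = bounded_xz_decompress(sample, max_output=8 * 1024 * 1024)
    print(f"{len(sample)} compressed bytes expand to {len(full)} bytes")
    try:
        bounded_xz_decompress(sample, max_output=1024 * 1024)
    except DecompressionLimitExceeded as exc:
        print("rejected:", exc)
```

The absolute cap is the one that protects memory and disk; the ratio check is a secondary signal that a legitimately large but well-compressed input can trip, so set it generously or log rather than block on it when the expected data is highly repetitive.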
CVEID: CVE-2022-48554
**DESCRIPTION:** File is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the file_copystr function in funcs.c. By persuading a victim to open a specially crafted file, a remote attacker could overflow a buffer and execute arbitrary code or cause a denial of service condition on the system.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/264341 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID: CVE-2023-39128
**DESCRIPTION:** GNU gdb is vulnerable to a denial of service, caused by a stack-based buffer overflow in the ada_decode function in /gdb/ada-lang.c. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/261648 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-39130
**DESCRIPTION:** GNU gdb is vulnerable to a denial of service, caused by a heap-based buffer overflow in the pe_as16 function in /gdb/coff-pe-read.c. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/261650 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM Robotic Process Automation for Cloud Pak | 21.0.0 - 21.0.7.9, 23.0.0 - 23.0.10 |
IBM strongly recommends addressing the vulnerability now.
Product(s) | **Version(s) number and/or range** | Remediation/Fix/Instructions |
---|---|---|
IBM Robotic Process Automation for Cloud Pak | 21.0.0 - 21.0.7.9 | Update to 21.0.7.10 or higher using the following instructions. |
IBM Robotic Process Automation for Cloud Pak | 23.0.0 - 23.0.10 | Update to 23.0.11 or higher using the following instructions. |
None.