5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
6.3 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
47.4%
Python is used by IBM Cloud Pak for Data Scheduling, to install the Scheduler for IBM Cloud Pak for Data. A reported parsing flaw in Python is addressed.
CVEID:CVE-2023-27043
**DESCRIPTION:**Python could allow a remote attacker to bypass security restrictions, caused by a parsing flaw in the email.utils.parsaddr() and email.utils.getaddresses() functions. By sending a specially-crafted e-mail addresses with a special character, an attacker could exploit this vulnerability to send messages from e-mail addresses that would otherwise be rejected.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253191 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Affected Product(s)|**Version(s)
**
—|—
IBM Cloud Pak for Data Scheduling| 4.6.4, 4.6.5, 4.6.6
The issue has been addressed in the latest edition. IBM recommends addressing the vulnerability.
Product(s) | **Version(s) number and/or range ** | Remediation/Fix/Instructions |
---|---|---|
IBM Cloud Pak for Data Scheduler | 4.6.4, 4.6.5, 4.6.6 | Follow the upgrade instructions to fix the issue. |
Note: IBM Cloud Pak for Data Scheduling is bundled with IBM Cloud Pak for Data to provide advanced scheduling and resource management capabilities.
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm cloud pak for data | eq | 4.7.0 |
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
6.3 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
47.4%