IBM9F4EEA7DE73C5683C6F4EC080F7A5B76A796ED38BFB6B092C0153F78CA8BC85CSecurity Bulletin: IBM Maximo Application Suite - Predict Component component uses aiohttp-3.9.5-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl which is vulnerable to this CVE-2024-42367
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
AI Score
Confidence
High
Summary
Security Bulletin: IBM Maximo Application Suite - Predict Component component uses aiohttp-3.9.5-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl which is vulnerable to this CVE-2024-42367
Vulnerability Details
CVEID:CVE-2024-42367
**DESCRIPTION:**aio-libs aiohttp ould allow a remote attacker to traverse directories on the system, caused by improper archive file validation. An attacker could use a specially crafted archive file containing “dot dot” sequences (/…/) to create arbitrary symlinks on the system.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/350875 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Maximo Application Suite - Predict Component | 9.0.0 |
Remediation/Fixes
| Affected Product(s) | Version(s) |
|---|---|
| IBM Maximo Application Suite - Predict Component | 9.0.1 |
Workarounds and Mitigations
None
Affected configurations
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
AI Score
Confidence
High