Security Bulletin: Resilient is vulnerable to using Python component with known vulnerabilities in RHEL 7

Summary

Resilient is vulnerable to using Python component with known vulnerabilities in RHEL 7. This CVE is fixed in RHEL7 as part of Errata RHSA-2019:1587 (https://access.redhat.com/errata/RHSA-2019:1587). This update is included in Resilient 33.0.5087 released on June28, 2019, and subsequent versions. It can be installed by following the instructions in https://www.ibm.com/support/knowledgecenter/SSBRUQ_33.0.0/com.ibm.resilient.doc/install/resilient_install_updates_sw.htm (The relevant package included in the update is python-2.7.5-80.el7_6.x86_64.rpm )

Vulnerability Details

CVEID:CVE-2019-10160
**DESCRIPTION:**Python urllib.parse.urlsplit and urllib.parse.urlparse components could allow a remote attacker to obtain sensitive information, caused by improper unicode encoding handling. By using a specially-crafted URL, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/162358 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Remediation/Fixes

This CVE is fixed in RHEL7 as part of Errata RHSA-2019:1587 (<https://access.redhat.com/errata/RHSA-2019&gt;:1587). This update is included in Resilient 33.0.5087 released on June28, 2019, and subsequent versions. It can be installed by following the instructions in <https://www.ibm.com/support/knowledgecenter/SSBRUQ_33.0.0/com.ibm.resilient.doc/install/resilient_install_updates_sw.htm&gt; (The relevant package included in the update is python-2.7.5-80.el7_6.x86_64.rpm )

Workarounds and Mitigations

None