Lucene search

K
ibmIBMA2B4AE0CAA153F717FC9D290DE4B7A563C9B926DE7D7C6B738B1746EC64BEBCB
HistoryApr 07, 2020 - 8:42 p.m.

Security Bulletin: Resilient is vulnerable to using Python component with known vulnerabilities in RHEL 7

2020-04-0720:42:09
www.ibm.com
22
resilient
rhel 7
python
cve-2019-10160
ibm
vulnerability
errata
rhsa-2019:1587
update
installation
information disclosure
cvss score

EPSS

0.005

Percentile

75.9%

Summary

Resilient is vulnerable to using Python component with known vulnerabilities in RHEL 7. This CVE is fixed in RHEL7 as part of Errata RHSA-2019:1587 (https://access.redhat.com/errata/RHSA-2019:1587). This update is included in Resilient 33.0.5087 released on June28, 2019, and subsequent versions. It can be installed by following the instructions in https://www.ibm.com/support/knowledgecenter/SSBRUQ_33.0.0/com.ibm.resilient.doc/install/resilient_install_updates_sw.htm (The relevant package included in the update is python-2.7.5-80.el7_6.x86_64.rpm )

Vulnerability Details

CVEID:CVE-2019-10160
**DESCRIPTION:**Python urllib.parse.urlsplit and urllib.parse.urlparse components could allow a remote attacker to obtain sensitive information, caused by improper unicode encoding handling. By using a specially-crafted URL, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/162358 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Resilient v33.x
IBM Resilient V34.0
IBM Resilient v34.x

Remediation/Fixes

This CVE is fixed in RHEL7 as part of Errata RHSA-2019:1587 (<https://access.redhat.com/errata/RHSA-2019&gt;:1587). This update is included in Resilient 33.0.5087 released on June28, 2019, and subsequent versions. It can be installed by following the instructions in <https://www.ibm.com/support/knowledgecenter/SSBRUQ_33.0.0/com.ibm.resilient.doc/install/resilient_install_updates_sw.htm&gt; (The relevant package included in the update is python-2.7.5-80.el7_6.x86_64.rpm )

Workarounds and Mitigations

None