IBM Workload Scheduler is potentially affected by a vulnerability in OpenSSL that could cause a system crash
CVEID:CVE-2022-4450
**DESCRIPTION:**OpenSSL is vulnerable to a denial of service, caused by a double-free error related to the improper handling of specific PEM data by the PEM_read_bio_ex() function. By sending specially crafted PEM files for parsing, a remote attacker could exploit this vulnerability to cause the system to crash.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/246615 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM Workload Scheduler | 9.5 |
IBM Workload Scheduler | 9.4 |
IBM Workload Scheduler | 10.1 |
APAR IJ47125 has been opened to address the OpenSSL vulnerability for IBM Workload Scheduler.
APAR IJ47125 has been included in 9.5.0.6 Security 2023.03 and 10.1.0.3 versions. Customers using IBM Workload Scheduler 9.4 should open a support ticket requesting a fix to apply on top of 9.4.0.7 version.
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm workload scheduler | eq | 9.4 | |
ibm workload scheduler | eq | 9.5 |