IBM Workload Scheduler is potentially affected by a vulnerability found in the Json-smart library that can cause stack exhaustion (stack overflow) and a software crash. Specifically, the following plugins can suffer from this issue: Azure Storage Job Executor, Azure Resource Manager Job Executor, Azure Job Executor, Azure Databricks Job Executor.
**CVEID:** CVE-2023-1370
**DESCRIPTION:** netplex json-smart-v2 is vulnerable to a denial of service, caused by not limiting the nesting of arrays or objects. By sending a specially crafted input, a remote attacker could exploit this vulnerability to cause a stack exhaustion and crash the software.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/249885 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
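The missing nesting limit described above can also be enforced in front of any recursive JSON parser. The following is an added example, not code from IBM or the json-smart project: an iterative Java check that rejects input nested deeper than a chosen limit before it is parsed. The class name `JsonDepthGuard`, the method `withinDepth` and the limit of 64 are assumptions made for illustration.

```java
/** Added example: iterative pre-parse check that bounds JSON nesting depth. */
public class JsonDepthGuard {

    /** Hypothetical limit; pick one that fits the documents you expect. */
    static final int MAX_DEPTH = 64;

    /** Returns true if no array or object in the text nests deeper than maxDepth. */
    static boolean withinDepth(String json, int maxDepth) {
        int depth = 0;
        char quote = 0; // 0 = outside a string, otherwise the opening quote character
        for (int i = 0; i < json.length(); i++) {
            char c = json.charAt(i);
            if (quote != 0) {
                if (c == '\\') {
                    i++;                 // skip the escaped character
                } else if (c == quote) {
                    quote = 0;           // end of string
                }
            } else if (c == '"' || c == '\'') {
                quote = c;               // single quotes are tracked for lenient parsers
            } else if (c == '[' || c == '{') {
                if (++depth > maxDepth) {
                    return false;        // reject before any recursive parser runs
                }
            } else if (c == ']' || c == '}') {
                if (depth > 0) {
                    depth--;             // malformed input is left for the parser to report
                }
            }
        }
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample inputs; brackets inside string values must not count.
        String flat = "{\"name\":\"job[1]\",\"tags\":[\"a\",\"b{\"]}";
        String nested = "[[[[1]]]]";
        if (!withinDepth(flat, 3) || withinDepth(nested, 3)) {
            throw new AssertionError("depth guard self-check failed");
        }
        System.out.println("flat accepted, nested rejected at limit 3");
        System.out.println("default limit: " + MAX_DEPTH);
    }
}
```

The loop uses no recursion, so the check itself cannot exhaust the stack regardless of input depth. It is a defence-in-depth measure and does not replace installing the fixed plugin versions.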
Affected Product(s) | Version(s) |
---|---|
IBM Workload Scheduler | 9.5 |
IBM Workload Scheduler | 10.1 |
APAR IJ46389 has been opened to address the Json-smart vulnerability affecting IBM Workload Scheduler.
APAR IJ46389 is included in the following IBM Workload Scheduler plugins:
- Azure Job Executor version 10.1.0.07
- Azure Databricks Job Executor version 10.1.0.08
- Azure Resource Manager Job Executor version 10.1.0.07
- Azure Storage Job Executor version 10.1.0.08
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| | ibm workload scheduler | eq | 10.1 |
| | ibm workload scheduler | eq | 9.5 |