CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
AI Score
Confidence
High
EPSS
Percentile
56.6%
IBM Workload Automation is potentially affected by a vulnerability in OpenSSL that can cause denial of service (CVE-2023-6129)
**CVEID:**CVE-2023-6129 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in the POLY1305 MAC (message authentication code) implementation. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/278934 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM Workload Scheduler | 10.2 |
IBM strongly recommends addressing the vulnerability now by upgrading IBM Workload Automation.
APAR IJ51944 has been opened to address the OpenSSL vulnerability for IBM Workload Automation.
APAR IJ51944 has been included in 10.2.2 version, available on Fix Central.
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | workload_scheduler | 10.2 | cpe:2.3:a:ibm:workload_scheduler:10.2:*:*:*:*:*:*:* |
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
AI Score
Confidence
High
EPSS
Percentile
56.6%