Vulnerabilities in Open Source Python affect OS Image Red Hat bundled with IBM Cloud Pak System. OS Image Red Hat addressed applicable CVEs.
CVEID:CVE-2019-16935
**DESCRIPTION:**Python is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the python/Lib/DocXMLRPCServer.py. A remote attacker could exploit this vulnerability using the server_title field to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/168612 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Cloud Pak System | v2.3.0.1, v2.3.1.1, v.2.3.2.0 |
IBM Cloud Pak System | v2.3.3.0, v2.3.3.1, v.2.3.3.2, v.2.3.3.3 |
If you are using an earlier unsupported release, IBM strongly recommends that you upgrade.
Cloud Pak System update python v2.7.17 with IBM OS Image for Red Hat Linux Systems (RHEL 7.9) 3.1.3.0 related OS packages python-2.7.5-90*.
For Cloud Pak System v2.3.0.1, v2.3.1.1, v.2.3.2.0, v2.3.3.0, v2.3.3.1, v.2.3.3.2,
upgrade to Cloud Pak System v2.3.3.3 and apply Cloud Pak System v2.3.3.3 Interim Fix 1 at Fix Central.
For Cloud Pak System v.2.3.3.3
apply Cloud Pak System v2.3.3.3 Interim Fix 1 at Fix Central.
Information on upgrading at : <http://www.ibm.com/support/docview.wss?uid=ibm10887959>
None