6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
63.2%
Vulnerabilities in Open Source Python affect OS Image Red Hat bundled with IBM Cloud Pak System. OS Image Red Hat addressed applicable CVEs.
CVEID:CVE-2019-16935
**DESCRIPTION:**Python is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the python/Lib/DocXMLRPCServer.py. A remote attacker could exploit this vulnerability using the server_title field to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/168612 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Cloud Pak System | v2.3.0.1, v2.3.1.1, v.2.3.2.0 |
IBM Cloud Pak System | v2.3.3.0, v2.3.3.1, v.2.3.3.2, v.2.3.3.3 |
If you are using an earlier unsupported release, IBM strongly recommends that you upgrade.
Cloud Pak System update python v2.7.17 with IBM OS Image for Red Hat Linux Systems (RHEL 7.9) 3.1.3.0 related OS packages python-2.7.5-90*.
For Cloud Pak System v2.3.0.1, v2.3.1.1, v.2.3.2.0, v2.3.3.0, v2.3.3.1, v.2.3.3.2,
upgrade to Cloud Pak System v2.3.3.3 and apply Cloud Pak System v2.3.3.3 Interim Fix 1 at Fix Central.
For Cloud Pak System v.2.3.3.3
apply Cloud Pak System v2.3.3.3 Interim Fix 1 at Fix Central.
Information on upgrading at : <http://www.ibm.com/support/docview.wss?uid=ibm10887959>
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm cloud pak system | eq | 2.2 | |
ibm cloud pak system | eq | 2.3 |
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
63.2%