cURL libcurl is used by IBM Event Streams as part of the Operating System (CVE-2023-27534). The library supports retrieving data in-memory, downloading to disk, or streaming using the R “connection” interface.
CVEID: CVE-2023-27534
**DESCRIPTION:** cURL libcurl could allow a remote attacker to obtain sensitive information, caused by an SFTP path ~ resolving discrepancy flaw. By sending a specially crafted request using a tilde (~) character, an attacker could exploit this vulnerability to obtain sensitive information from another directory, and use this information to launch further attacks against the affected system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/250529 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
| Affected Product(s) | Version(s) |
|---|---|
| IBM Event Streams | 10.0.0 - 11.2.2 |
IBM strongly recommends addressing the vulnerability now by upgrading.
Upgrade to IBM Event Streams 11.2.3 by following the upgrading and migrating documentation.
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| | ibm event streams | ge | 10.0.0 |
| | ibm event streams | le | 11.2.2 |