Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMFC118640A89667101754CE8DFBFBDCB2259441D05EC9F38295F666D25EEDB638
HistoryApr 01, 2024 - 7:33 a.m.

Security Bulletin: IBM Maximo Application Suite uses cryptography-41.0.2-cp37-abi3-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2023-49083

2024-04-0107:33:48
www.ibm.com
14
ibm maximo application suite
cryptography vulnerability
denial of service
cve-2023-49083
fixpack
8.10.x
8.11.x

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.6%

JSON

Summary

IBM Maximo Application Suite uses cryptography-41.0.2-cp37-abi3-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2023-49083.This bulletin contains information regarding the vulnerability and its fixture.

Vulnerability Details

CVEID:CVE-2023-4807
**DESCRIPTION:**OpenSSL is vulnerable to a denial of service, caused by a state corruption flaw in the POLY1305 MAC (message authentication code) implementation, when running on newer X86_64 processors supporting the AVX512-IFMA instructions. A local authenticated attacker could exploit this vulnerability to cause an incorrect result of some application dependent calculations or a crash or in some cases gain complete control of the application process.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/265578 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2023-3446
**DESCRIPTION:**OpenSSL is vulnerable to a denial of service, caused by a flaw when using the DH_check(), DH_check_ex() or EVP_PKEY_param_check() functions to check a DH key or DH parameters. By sending a specially crafted request using long DH keys or parameters, a remote attacker could exploit this vulnerability to cause long delays, and results in a denial of service condition.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/261026 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2023-49083
**DESCRIPTION:**Cryptography package for Python is vulnerable to a denial of service, caused by a NULL pointer dereference when loading PKCS7 certificates. By deserializing a specially crafted PKCS7 blob/certificate, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/272510 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Maximo Application Suite 8.10.x
IBM Maximo Application Suite 8.11.x

Remediation/Fixes

Affected Product(s) Fixpack Version(s)
IBM Maximo Application Suite 8.10.10
IBM Maximo Application Suite 8.11.7

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmmaximo_application_suiteMatch8.10.
OR
ibmmaximo_application_suiteMatch8.11

Related

ibm 14
nessus 66
redhatcve 3
oraclelinux 7
almalinux 3
cve 3
cbl_mariner 3
ubuntucve 3
redos 3
alpinelinux 3
openvas 41
cvelist 4
nvd 3
osv 12
prion 3
redhat 3
cgr 2
fedora 1
debiancve 4
github 1
wolfi 2
rocky 1
veracode 2
openssl 2
broadcom 2
f5 1
ubuntu 2
cloudfoundry 1
photon 2
amazon 1
slackware 1
ibm
ibm
Security Bulletin: Multiple vulnerabilities in OpenSSL affects IBM Rational ClearCase
2024-03-13 14:31:16
Security Bulletin: Cryptography-41.0.3 and cryptography-41.0.5 is vulnerable to CVE-2023-49083 used in IBM Maximo Application Suite - Edge Data Collector
2024-03-05 09:30:02
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to denial of service in the Cryptography package for Python [CVE-2023-49083]
2024-04-25 17:47:49
nessus
nessus
Fedora 40 : python-cryptography (2024-9d2de2b051)
2024-04-29 00:00:00
Oracle Linux 7 : python-cryptography (ELSA-2024-19480)
2024-03-21 00:00:00
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-cryptography (SUSE-SU-2023:4842-1)
2023-12-15 00:00:00
redhatcve
redhatcve
CVE-2023-49083
2023-12-20 11:10:52
CVE-2023-4807
2023-09-08 15:05:36
CVE-2023-3446
2023-07-25 04:17:33
oraclelinux
oraclelinux
python-cryptography security update
2024-03-20 00:00:00
python3.11-cryptography security update
2024-05-02 00:00:00
python3.11-cryptography security update
2024-01-18 00:00:00
almalinux
almalinux
Moderate: python3.11-cryptography security update
2024-05-22 00:00:00
Moderate: python3.11-cryptography security update
2024-04-30 00:00:00
Low: edk2 security update
2024-02-20 00:00:00
cve
cve
CVE-2023-49083
2023-11-29 19:15:07
CVE-2023-4807
2023-09-08 12:15:08
CVE-2023-3446
2023-07-19 12:15:10
cbl_mariner
cbl_mariner
CVE-2023-49083 affecting package python-cryptography for versions less than 42.0.5-1
2024-03-19 17:21:46
CVE-2023-49083 affecting package python-cryptography for versions less than 3.3.2-6
2024-01-04 19:54:01
CVE-2023-4807 affecting package kata-containers for versions less than 3.2.0.azl1-1
2024-05-17 21:38:35
ubuntucve
ubuntucve
CVE-2023-49083
2023-12-04 00:00:00
CVE-2023-4807
2023-09-08 00:00:00
CVE-2023-3446
2023-07-19 00:00:00
redos
redos
ROS-20240409-06
2024-04-09 00:00:00
ROS-20240402-16
2024-04-02 00:00:00
ROS-20230918-02
2023-09-18 00:00:00
alpinelinux
alpinelinux
CVE-2023-49083
2023-11-29 19:15:07
CVE-2023-4807
2023-09-08 12:15:08
CVE-2023-3446
2023-07-19 12:15:10
openvas
openvas
openSUSE: Security Advisory for python3 (SUSE-SU-2023:4843-1)
2024-03-04 00:00:00
Huawei EulerOS: Security Advisory for python-cryptography (EulerOS-SA-2024-1127)
2024-01-29 00:00:00
Huawei EulerOS: Security Advisory for python-cryptography (EulerOS-SA-2024-1419)
2024-03-21 00:00:00
cvelist
cvelist
CVE-2023-49083 cryptography vulnerable to NULL-dereference when loading PKCS7 certificates
2023-11-29 18:50:24
CVE-2023-4807 POLY1305 MAC implementation corrupts XMM registers on Windows
2023-09-08 11:01:53
CVE-2023-3446 Excessive time spent checking DH keys and parameters
2023-07-19 11:31:34
nvd
nvd
CVE-2023-49083
2023-11-29 19:15:07
CVE-2023-4807
2023-09-08 12:15:08
CVE-2023-3446
2023-07-19 12:15:10
osv
osv
CVE-2023-49083
2023-11-29 19:15:07
Moderate: python3.11-cryptography security update
2024-05-10 14:32:42
Moderate: python3.11-cryptography security update
2024-04-30 00:00:00
prion
prion
Null pointer dereference
2023-11-29 19:15:00
Design/Logic Flaw
2023-09-08 12:15:00
Design/Logic Flaw
2023-07-19 12:15:00
redhat
redhat
(RHSA-2024:3105) Moderate: python3.11-cryptography security update
2024-05-22 06:35:37
(RHSA-2024:2337) Moderate: python3.11-cryptography security update
2024-04-30 06:15:25
(RHSA-2024:0888) Low: edk2 security update
2024-02-20 11:21:16
cgr
cgr
CVE-2023-49083 vulnerabilities
2024-05-19 03:07:16
CVE-2023-3446 vulnerabilities
2024-05-19 03:07:16
fedora
fedora
[SECURITY] Fedora 39 Update: python-cryptography-41.0.7-1.fc39
2024-02-17 00:57:57
debiancve
debiancve
CVE-2023-49083
2023-11-29 19:15:07
CVE-2023-4807
2023-09-08 12:15:08
CVE-2023-3446
2023-07-19 12:15:10
github
github
cryptography vulnerable to NULL-dereference when loading PKCS7 certificates
2023-11-28 20:46:46
wolfi
wolfi
CVE-2023-49083 vulnerabilities
2024-06-26 09:08:30
CVE-2023-3446 vulnerabilities
2024-06-26 09:08:30
rocky
rocky
python3.11-cryptography security update
2024-05-10 14:32:42
veracode
veracode
Denial Of Service (DoS)
2023-11-29 09:29:57
Denial Of Service (DoS)
2023-07-20 10:29:49
openssl
openssl
Vulnerability in OpenSSL CVE-2023-4807
2023-09-08 00:00:00
Vulnerability in OpenSSL CVE-2023-3446
2023-07-13 00:00:00
broadcom
broadcom
Excessive time spent checking DH keys and parameters (CVE-2023-3446)
2024-04-16 00:00:00
Excessive time spent checking DH q parameter value (CVE-2023-3817)
2024-04-16 00:00:00
f5
f5
K000136903 : OpenSSL Diffie-Hellman vulnerability CVE-2023-3446
2023-09-19 00:00:00
ubuntu
ubuntu
python-cryptography vulnerabilities
2023-12-06 00:00:00
OpenSSL vulnerabilities
2023-10-18 00:00:00
cloudfoundry
cloudfoundry
USN-6539-1: python-cryptography vulnerabilities | Cloud Foundry
2024-04-04 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2023-3.0-0651
2023-09-15 00:00:00
Important Photon OS Security Update - PHSA-2023-4.0-0472
2023-09-15 00:00:00
amazon
amazon
Medium: edk2
2023-08-17 11:58:00
slackware
slackware
[slackware-security] openssl
2023-08-02 17:08:29

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.6%

JSON
Related for FC118640A89667101754CE8DFBFBDCB2259441D05EC9F38295F666D25EEDB638
ibm14nessus66redhatcve3oraclelinux7almalinux3cve3cbl_mariner3ubuntucve3redos3alpinelinux3openvas41cvelist4nvd3osv12prion3redhat3cgr2fedora1debiancve4github1wolfi2rocky1veracode2openssl2broadcom2f51ubuntu2cloudfoundry1photon2amazon1slackware1