Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to denial of service due to Go (IBM X-Force ID 250518).

## Summary

Automation Assets in IBM Cloud Pak for Integration is vulnerable to denial of service due to Go (IBM X-Force ID 250518) with details below. This vulnerability has been addressed.

## Vulnerability Details

**IBM X-Force ID:** 250518
**DESCRIPTION:** golang-jwt jwt-go is vulnerable to a denial of service, caused by a token without ExpiresAt. By presenting an empty token, a local attacker could exploit this vulnerability to cause a panic.
CVSS Base score: 6.2
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/250518> for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
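
An added example, not IBM's or golang-jwt's code: a Go pre-check using only the standard library that turns the two inputs named in the description (an empty token, and a token with no `exp` claim) into ordinary errors before the token reaches a JWT library. The names `ExpiryOf` and `sampleToken` and the sample tokens are constructed for illustration; the bulletin does not say where in jwt-go the panic occurs.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

var (
	ErrEmptyToken = errors.New("empty token")
	ErrMalformed  = errors.New("malformed token")
	ErrNoExpiry   = errors.New("token has no exp claim")
)

// ExpiryOf (hypothetical helper) reads exp from the payload; it does NOT verify the signature.
func ExpiryOf(raw string) (time.Time, error) {
	if strings.TrimSpace(raw) == "" {
		return time.Time{}, ErrEmptyToken
	}
	parts := strings.Split(raw, ".")
	if len(parts) != 3 {
		return time.Time{}, ErrMalformed
	}
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return time.Time{}, ErrMalformed
	}
	// Pointer field: an absent (or null) exp stays nil instead of silently becoming 0.
	var c struct{ Exp *int64 `json:"exp"` }
	if json.Unmarshal(payload, &c) != nil {
		return time.Time{}, ErrMalformed
	}
	if c.Exp == nil {
		return time.Time{}, ErrNoExpiry
	}
	return time.Unix(*c.Exp, 0), nil
}

// sampleToken wraps payloadJSON in a constructed token with a dummy signature part.
func sampleToken(payloadJSON string) string {
	enc := base64.RawURLEncoding.EncodeToString
	return enc([]byte(`{"alg":"HS256"}`)) + "." + enc([]byte(payloadJSON)) + ".c2ln"
}

func main() {
	fmt.Println(ExpiryOf(sampleToken(`{"sub":"a"}`)))
}
```

A check like this complements the upgrade in the Remediation section; signature and expiry validation still belong to the patched library.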

## Affected Products and Versions

Affected Product(s) | Version(s)
---|---
Automation Assets in IBM Cloud Pak for Integration (CP4I) | 2021.2.1, 2021.4.1, 2022.2.1

## Remediation/Fixes

**Automation Assets version in IBM Cloud Pak for Integration**

Upgrade Automation Assets Operator to 2022.2.1-12 using the Operator upgrade process described in the IBM Documentation.

## Workarounds and Mitigations

None
