Summary Grpc is used by IBM Cloud Pak for Data Scheduling as part of the image catalog used for installation. CVE-2023-44487. Vulnerability Details ** CVEID: CVE-2023-44487 DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a flaw in handling multiplexed streams in the HTTP/2 protocol. By sending numerous HTTP/2 requests and RST_STREAM frames over multiple streams, a remote attacker could exploit this vulnerability to cause a denial of service due to server resource consumption. CVSS Base score: 7.5 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268044 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) Affected Products and Versions Affected Products/Versions guidance: Affected Product(s)| Version(s) —|— IBM Cloud Pak for Data Scheduling| 4.6.4 – 4.8.2 Remediation/Fixes Remediation/Fixes guidance: IBM recommends addressing the vulnerability now. Product(s)| Version(s) number and/or range | Remediation/Fix/Instructions —|—|— IBM Cloud Pak for Data Scheduling| 4.6.4 – 4.8.2| Follow the instructions to upgrade. Note: IBM Cloud Pak for Data Scheduling is bundled with IBM Cloud Pak for Data to provide advanced scheduling Workarounds and Mitigations Workarounds/Mitigation guidance:…Read More