API Security Blog

Security Bulletin: Multiple Vulnerabilities in IBM Cloud Pak for AIOps

Summary

Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.5.0.

Vulnerability Details

**CVEID:** CVE-2023-5764
**DESCRIPTION:** Ansible could allow a local authenticated attacker to execute arbitrary code on the system, caused by a template injection flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 6.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/273397 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N)

**CVEID:** CVE-2022-41723
**DESCRIPTION:** Golang Go is vulnerable to a denial of service, caused by a flaw in the HPACK decoder. By sending a specially crafted HTTP/2 stream, a remote attacker could exploit this vulnerability to cause excessive CPU consumption, resulting in a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/247965 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:** CVE-2023-34055
**DESCRIPTION:** VMware Tanzu Spring Boot is vulnerable to a denial of service, caused by a flaw when an application uses Spring MVC or Spring WebFlux, or when org.springframework.boot:spring-boot-actuator is on the classpath. By sending specially crafted HTTP requests, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.3…
