Summary GRPC-Go is used by the CP4D Scheduling Service for inter-process communication. IBM X-Force ID: 350626. Vulnerability Details IBM X-Force ID: 350626 DESCRIPTION: gRPC-Go is vulnerable to a denial of service, caused by a flaw in handling multiplexed streams in the HTTP/2 protocol. By sending numerous HTTP/2 requests, cancel them, and send subsequent requests, a remote attacker could exploit this vulnerability to cause a denial of service due to server resource consumption. CWE:CWE-400: Uncontrolled Resource Consumption CVSS Source: IBM X-Force CVSS Base score: 7.5 CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) Affected Products and Versions Affected Product(s)| Version(s) —|— IBM CloudPak for Data – Scheduling Service| 4.8.0 Remediation/Fixes Product(s)| Version(s)| Remediation/Fix/Instructions —|—|— IBM CloudPak for Data – Scheduling Service| 4.8.0| Download version 4.8.1 or higher and follow the upgrade instructions to resolve the issue. Workarounds and Mitigations…Read More