Vulnerability Details
Basic Information
| Title | Security Bulletin: Vulnerability in Werkzeug affects IBM Cloud Pak for Data System 1.0(CPDS 1.0)[CVE-2023-46136]. |
|---|---|
| Type | ibm |
| Published | 2025-05-03T08:50:05 |
| Last Seen | 2025-05-03T10:56:45 |
| CVSS Score | 8.0 (HIGH) |
CVSS v3 Details
| Attack Vector | ADJACENT |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | LOW |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | HIGH |
| Availability Impact | HIGH |
CVE Information
| CVE IDs | CVE-2023-46136 |
|---|---|
| CWE | |
| Bulletin Family | software |
Description
The Werkzeug package is used by IBM Cloud Pak for Data System 1.0. IBM Cloud Pak for Data System 1.0 has addressed the applicable CVE [CVE-2023-46136].
## Vulnerability Details
**CVEID:**CVE-2023-46136
**DESCRIPTION:** Pallets Werkzeug is vulnerable to a denial of service, caused by a flaw when parsing multipart/form-data containing a large part with CR/LF character at the beginning. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/269739 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
## Affected Products and Versions
Affected Product(s)| Version(s)
—|—
IBM Cloud Pak for Data System 1.0| 1.0.0.0- 1.0.8.4
## Remediation/Fixes
**IBM strongly recommends addressing the vulnerability now by upgrading to latest version.**
**Product**| **VRMF**| **Remediation/First Fix**
—|—|—
IBM Cloud Pak for Data System 1.0| 1.0.9.0| Link to Fix Central
## Workarounds and Mitigations
None
##
Impact Assessment
| Base Score | 8.0 |
|---|---|
| Severity | HIGH |