Vulnerability Details
Basic Information
| Title | Security Bulletin: Vulnerability in urllib3 affects IBM Cloud Pak for Data System 1.0(CPDS 1.0)[CVE-2023-43804]. |
|---|---|
| Type | ibm |
| Published | 2025-05-03T07:56:51 |
| Last Seen | 2025-05-03T10:56:45 |
| CVSS Score | 8.1 (HIGH) |
CVSS v3 Details
| Attack Vector | NETWORK |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | LOW |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | HIGH |
| Availability Impact | NONE |
CVE Information
| CVE IDs | CVE-2023-43804 |
|---|---|
| CWE | |
| Bulletin Family | software |
Description
The urllib3 package is used by IBM Cloud Pak for Data System 1.0. IBM Cloud Pak for Data System 1.0 has addressed the applicable CVE [CVE-2023-43804].
## Vulnerability Details
**CVEID:**CVE-2023-43804
**DESCRIPTION:** urllib3 could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw with cookie request header not stripped during cross-origin redirects. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268192 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N)
## Affected Products and Versions
Affected Product(s)| Version(s)
—|—
IBM Cloud Pak for Data System 1.0 | 1.0.0.0- 1.0.8.4
## Remediation/Fixes
**IBM strongly recommends addressing the vulnerability now by upgrading to latest version.**
**Product**| **VRMF**| **Remediation/First Fix**
—|—|—
IBM Cloud Pak for Data System 1.0| 1.0.9.0| Link to Fix Central
## Workarounds and Mitigations
None
##
Impact Assessment
| Base Score | 8.1 |
|---|---|
| Severity | HIGH |