A vulnerability in libksba package used in Data Replication on Cloud Pak for Data was addressed.
CVEID:CVE-2022-47629
**DESCRIPTION:**Libksba could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the CRL signature parser. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/242850 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Affected Product(s) | Version(s) |
---|---|
Data Replication on Cloud Pak for Data | All |
Data Replication on Cloud Pak for Data | 4.6.4 |
Update to the latest product fix pack found here: <https://www.ibm.com/docs/en/cloud-paks/cp-data/4.7.x?topic=new-data-replication>
None
CPE | Name | Operator | Version |
---|---|---|---|
data replication on cloud pak for data | eq | any | |
data replication on cloud pak for data | eq | 4.6.4 |