7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
Vulnerabilities CVE-2019-11484, CVE-2019-11485, CVE-2019-11483, CVE-2019-11482 have been found in Ubuntu and potentially affect container images of IBM Workload Scheduler 9.5
CVEID:CVE-2019-11484
**DESCRIPTION:**Ubuntu whoopsie package could allow a local authenticated attacker to execute arbitrary code on the system, caused by an integer overflow in the bson_ensure_space function. By using specially crafted crash reports, an attacker could exploit this vulnerability to execute arbitrary code, obtain sensitive information, or cause a denial of service condition on the system.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/176573 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVEID:CVE-2019-11485
**DESCRIPTION:**Ubuntu Apport package is vulnerable to a denial of service, caused by the mishandling of lock-file creation. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/176572 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)
CVEID:CVE-2019-11483
**DESCRIPTION:**Ubuntu Apport package could allow a local authenticated attacker to bypass security restrictions, caused by the mishandling of crash dumps originating from containers. By sending a specially-crafted request, an attacker could exploit this vulnerability to generate a crash report for a privileged process.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/176571 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)
CVEID:CVE-2019-11482
**DESCRIPTION:**Ubuntu Apport package could allow a local authenticated attacker to bypass security restrictions, caused by a time of check to time of use (TOCTTOU) flaw. By sending a specially-crafted request, an attacker could exploit this vulnerability to cause core files to be written in arbitrary directories.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/176570 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)
IBM Workload Scheduler Distributed 9.5.0 FP01 and earlier
APAR IJ24525 has been opened to address Ubuntu vulnerabilities affecting IBM Workload Scheduler.
Apar IJ24525 is already included in IBM Workload Scheduler 9.5 FP02, already available on FixCentral.
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm workload automation | eq | 9.5 |
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P