Lucene search

K
ibmIBM1AC9F301DD19448377216F6866BE5A984155B20A64C10F521B1C0CDCBB23DBE0
HistoryMay 05, 2023 - 3:59 p.m.

Security Bulletin: IBM Cognos Analytics on Cloud Pak for Data 4.6.5 has addressed a security vulnerability

2023-05-0515:59:18
www.ibm.com
30
ibm cognos analytics
cloud pak for data
cve-2022-0185
buffer overflow
upgrade
security fix

8.4 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

25.6%

Summary

IBM Cognos Analytics on Cloud Pak for Data 4.6.5 has addressed a heap-based buffer overflow vulnerability.

Vulnerability Details

CVEID:CVE-2022-0185
**DESCRIPTION:**Linux Kernel is vulnerable to a heap-based buffer overflow, caused by an integer underflow in the legacy_parse_param function in fs/fs_context.c. By sending a specially-crafted request, a local authenticated attacker could overflow a buffer and execute arbitrary code on the system with root privileges.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217455 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Cognos Analytics on Cloud Pak for Data 4.0

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by upgrading

Affected Product(s) Version Fix
IBM Cognos Analytics on Cloud Pak for Data 4.6.5 Installing IBM Cognos Analytics on IBM Cloud Pak for Data

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmcognos_analyticsMatch11.2.4
OR
ibmcognos_analytics_cartridge_for_ibm_cloud_pak_for_dataMatchany

8.4 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

25.6%