8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 High
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
53.4%
Potential Golang Go arbitrary code execution vulnerabilitiy.( CVE-2023-39323) has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information.
CVEID:CVE-2023-39323
**DESCRIPTION:**Golang Go could allow a remote attacker to execute arbitrary code on the system, caused by improper enforcement of line directive restrictions in the โ//go:cgo_โ directives. By providing specially crafted input in the linker and compiler flags, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268524 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Products and Versions
Affected Product(s) | Version(s) |
---|---|
Watson CP4D Data Stores | 4.0.0 - 4.8.5 |
Remediation/Fixes
For all affected versions, IBM strongly recommends addressing the vulnerability now by upgrading to the latest release (v5.0 or later releases) of IBM Watson CP4D Data Stores which maintains backward compatibility with the versions listed above.
Product Latest Version | Remediation/Fix/Instructions |
---|---|
IBM Watson CP4D Data Stores 5.0 |
Follow instructions for Installing IBM Watson CP4D Data Stores in Link to Release (v5.0 or later releases) release information.
https://www.ibm.com/docs/en/cloud-paks/cp-data/5.0.x
None
CPE | Name | Operator | Version |
---|---|---|---|
watson cp4d data stores | ge | 4.0.0 | |
watson cp4d data stores | le | 4.8.5 |
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 High
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
53.4%