IBM Cloud Private for Data is affected by vulnerabilities in the Setup Project that could allow a remote attacker to bypass security restrictions.
CVEID: CVE-2018-1113 DESCRIPTION: Setup Project could allow a remote attacker to bypass security restrictions, caused by an issue with adding /sbin/nologin and /usr/sbin/nologin to /etc/shells. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass access restrictions.
CVSS Base Score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/147843> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
IBM Cloud Private for Data V1.2.1.1
No workarounds are available at this time.
CPE | Name | Operator | Version |
---|---|---|---|
ibm cloud pak for data | eq | any |