Lucene search

K
ibmIBM4F0572B61430F5E8F94504C36140C840BAB010BF07D4AD76E1FE8F7486112BE4
HistoryJun 29, 2023 - 7:24 p.m.

Security Bulletin: IBM Planning Analytics Cartridge for IBM Cloud Pak for Data 4.7.0 has addressed security vulnerabilities

2023-06-2919:24:39
www.ibm.com
30
ibm planning analytics
cloud pak for data
vulnerabilities
linux kernel
buffer overflow
root privileges
insecure network policy
sensitive information
logs
couchdb server
database

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

8.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

34.3%

Summary

IBM Planning Analytics Cartridge for IBM Cloud Pak for Data is vulnerable to security vulnerabilities . These have been addressed.

Vulnerability Details

CVEID:CVE-2022-0185
**DESCRIPTION:**Linux Kernel is vulnerable to a heap-based buffer overflow, caused by an integer underflow in the legacy_parse_param function in fs/fs_context.c. By sending a specially-crafted request, a local authenticated attacker could overflow a buffer and execute arbitrary code on the system with root privileges.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217455 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2023-27877
**DESCRIPTION:**IBM Planning Analytics on Cloud Pak for Data could allow an attacker to obtain sensitive information, due to insecure network policy configuration.
CVSS Base score: 3.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/249981 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)

CVEID:CVE-2023-26023
**DESCRIPTION:**IBM Planning Analytics on Cloud Pak for Data exposes sensitive information in logs which could lead an attacker to exploit this vulnerability to conduct further attacks.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/247896 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

CVEID:CVE-2023-26026
**DESCRIPTION:**IBM Planning Analytics connects to a CouchDB server. An attacker can exploit an insecure password policy to the CouchDB server and collect sensitive information from the database.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/247905 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Planning Analytics Cartridge for IBM Cloud Pak for Data 4.0

Remediation/Fixes

Affected Product(s) Version(s) Fix
IBM Planning Analytics Cartridge for IBM Cloud Pak for Data 4.0 Installing IBM Planning Analytics Cartridge for IBM Cloud Pak for Data

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmcognos_analytics_cartridge_for_ibm_cloud_pak_for_dataMatch4.0
OR
ibmplanning_analytics_localMatch2.0

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

8.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

34.3%