CVSS2
Attack Vector: LOCAL
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile: 79.3%
Vulnerabilities in PHP may affect IBM Spectrum Sentinel Anomaly Scan Engine. The vulnerabilities could allow a remote attacker to execute arbitrary code or obtain sensitive information, allow a local authenticated attacker to gain elevated privileges on the system, and enable cross-site request forgery and denial of service.
CVEID: CVE-2022-31628
**DESCRIPTION:** PHP is vulnerable to a denial of service, caused by a flaw in the phar uncompressor code. By using a specially-crafted gzip file, a local authenticated attacker could exploit this vulnerability to cause an infinite loop, resulting in a denial of service condition.
CVSS Base score: 2.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/237533 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2022-31629
**DESCRIPTION:** PHP is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to set a standard insecure cookie in the browser. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
CVSS Base score: 5.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/237534 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
CVEID: CVE-2021-21708
**DESCRIPTION:** PHP could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause the application to crash.
CVSS Base score: 8.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/221046 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L)
CVEID: CVE-2021-21703
**DESCRIPTION:** PHP could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw when running PHP FPM SAPI with the main FPM daemon process running as root. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges as root.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/212017 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)
CVEID: CVE-2021-21707
**DESCRIPTION:** PHP could allow a remote attacker to obtain sensitive information, caused by a weakly configured XML parser. By using a specially-crafted filename containing a URL-encoded NUL character, an attacker could exploit this vulnerability to read a different file than intended, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/214167 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Spectrum Sentinel Anomaly Scan Engine | 1.1.0-1.1.1 |
IBM Spectrum Sentinel Anomaly Scan Engine | Fixing Level | Platform | Link to Fix and Instructions |
---|---|---|---|
1.1.0-1.1.1 | 1.1.2 | Linux | <https://www.ibm.com/support/pages/node/6841595> |
Please refer to IBM Spectrum Copy Data Management security bulletins for the Spectrum Copy Data Management vulnerabilities.
None