IBM5C87520276D59C3E062447E881311B87560A8637DB2191747AF155A4DD72D68CSecurity Bulletin: A privilege escalation vulnerability in nzhwinfo that affects IBM Netezza Platform Software clients.
0.0004 Low
EPSS
Percentile
5.1%
Summary
Nzhwinfo is used by IBM Netezza Platform Software. IBM Netezza Platform Software has addressed the applicable CVE.
Vulnerability Details
CVEID: CVE-2018-1460** *DESCRIPTION: IBM Netezza Platform Software could allow a local user to modify a world writable file, which could be used to execute commands as root.
CVSS Base Score: 8.4
CVSS Temporal Score: See_ _https://exchange.xforce.ibmcloud.com/vulnerabilities/140211 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Products and Versions
IBM Netezza clients from any of the following releases:
- IBM Netezza Platform Software 7.0.4 - 7.2.1.6
Remediation/Fixes
For NPS clients that are running any of the affected releases, IBM recommends upgrading to a fixed, supported version/release/platform of the clients that are available in the following release:
| Product | VRMF | Remediation/First Fix |
|---|---|---|
| IBM Netezza Platform Software | 7.2.1.6-P1 | Link to Fix Central |
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm puredata system | eq | 1.0.0 |
Related
0.0004 Low
EPSS
Percentile
5.1%