Lucene search

IBM63AF6F2567C82DD12BEE1441594D92A95D8402D291BA6A7E5CEFE667741C7DB4

HistorySep 26, 2024 - 1:10 p.m.

Security Bulletin: Vulnerability in glibc affects IBM Integrated Analytics System [CVE-2020-27618]

2024-09-2613:10:32

www.ibm.com

ibm integrated analytics system

glibc

vulnerability

denial of service

ibm character sets

fix available

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.2

Confidence

High

JSON

Summary

Redhat provided glibc is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE [CVE-2020-27618]

Vulnerability Details

CVEID:CVE-2020-27618
**DESCRIPTION:**GNU C Library (aka glibc or libc6) is vulnerable to a denial of service, caused by an error when processing some invalid inputs from several IBM character sets in the iconv function. By sending invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, IBM1399 encodings, a local authenticated attacker could exploit this vulnerability to cause the application to enter into an infinite loop.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/196446 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Integrated Analytics System	1.0.0-1.0.28.2

Remediation/Fixes

Affected Product(s)	VRMF	Remediation/Fixes
IBM Integrated Analytics System	1.0.30.0	Link to Fix Central

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmsmart_analytics_system_7710Matchany

VendorProductVersionCPE
ibmsmart_analytics_system_7710anycpe:2.3:a:ibm:smart_analytics_system_7710:any:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	smart_analytics_system_7710	any	cpe:2.3:a:ibm:smart_analytics_system_7710:any:::::::*

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.2

Confidence

High

JSON

Related for 63AF6F2567C82DD12BEE1441594D92A95D8402D291BA6A7E5CEFE667741C7DB4