7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
5.2%
There is a vulnerability in Libcontainer and Docker Engine used by IBM Decision Optimization in IBM Cloud Pak for Data. IBM Decision Optimization in IBM Cloud Pak for Data has addressed the applicable CVE.
CVEID:CVE-2015-3627
**DESCRIPTION:**A symlink vulnerability in Libcontainer and Docker Engine regarding the file-descriptor being opened prior to performing the chroot could allow a local attacker to gain elevated privileges on the system. An attacker could exploit this vulnerability using a specially crafted Dockerfile or image to gain elevated privileges on the system.
CVSS Base score: 4.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/103092 for the current score.
CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Affected Product(s) | Version(s) |
---|---|
Decision Optimization for Cloud Pak for Data | All |
IBM strongly suggests to upgrade to IBM Decision Optimization in IBM Cloud Pak for Data 4.6.1 or higher, using the Operator upgrade process described in the IBM Documentation:
<https://www.ibm.com/docs/en/cloud-paks/cp-data/4.6.x?topic=u-upgrading-from-version-46-8>
None
CPE | Name | Operator | Version |
---|---|---|---|
decision optimization for cloud pak for data | eq | any |