Lucene search

IBM873A714DA170F6A4037817DBB3261760035B016F7A20E4AA56857124A6E03F98

HistoryMar 13, 2024 - 7:42 a.m.

Security Bulletin: Vulnerability in babel affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0)[CVE-2021-42771]

2024-03-1307:42:33

www.ibm.com

ibm cloud pak data system 2.0

babel vulnerability

arbitrary code execution

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

37.1%

JSON

Summary

The babel package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVE[CVE-2021-42771]

Vulnerability Details

CVEID:CVE-2021-42771
**DESCRIPTION:**Python-Babel Babel could allow a local authenticated attacker to traverse directories on the system, caused by a flaw in the Babel.Locale function. An attacker could load a specially-crafted .dat file containing “dot dot” sequences (/…/) to execute arbitrary code on the system.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/211766 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Cloud Pak for Data System 2.0	2.0.0.0 - 2.0.2.1

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by upgrading to latest version.

Affected Product(s)	VRMF	Remediation/Fixes
IBM Cloud Pak for Data System 2.0	2.0.2.1.IF1	Link to Fix Central

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm cloud pak for data systemeq2.0

CPE	Name	Operator	Version
	ibm cloud pak for data system	eq	2.0

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

37.1%

JSON

Related for 873A714DA170F6A4037817DBB3261760035B016F7A20E4AA56857124A6E03F98