4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
0.001 Low
EPSS
Percentile
20.3%
A security vulnerability exists in IBM Cognos Analytics Cartridge for IBM Cloud Pak for Data where the security context settings were missing and or configured incorrectly in pod specifications . Security Context has the greatest impact on reducing the attack surface and ignoring the seccomp setting would allow an attacker to make system calls that might compromise the security of the containers. This vulnerability has been addressed
CVEID:CVE-2023-28953
**DESCRIPTION:**IBM Cognos Analytics on Cloud Pak for Data could allow an attacker to make system calls that might compromise the security of the containers due to misconfigured security context.
CVSS Base score: 3.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/251465 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Cognos Analytics Cartridge for IBM Cloud Pak for Data | 4.0 |
Affected Product(s) | Version(s) | Fix |
---|---|---|
IBM Planning Analytics Cartridge for IBM Cloud Pak for Data | 4.0 | Downloading IBM Cognos Analytics Cartridge and Modernization for IBM Cloud Pak for Data 4.7. |
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm cognos analytics cartridge for ibm cloud pak for data | eq | 4.0 |
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
0.001 Low
EPSS
Percentile
20.3%