Jun 29, 2023 - 7:19 p.m.

Security Bulletin: IBM Cognos Analytics Cartridge for IBM Cloud Pak for Data 4.7.0 has addressed a security vulnerability (CVE-2023-28953)

2023-06-29 19:19:08
www.ibm.com

CVSS3: 4.3 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

EPSS: 0.001 Low
Percentile: 20.3%

Summary

A security vulnerability exists in IBM Cognos Analytics Cartridge for IBM Cloud Pak for Data where the security context settings were missing and/or configured incorrectly in pod specifications. Security Context has the greatest impact on reducing the attack surface, and ignoring the seccomp setting would allow an attacker to make system calls that might compromise the security of the containers. This vulnerability has been addressed.
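As an added example (not part of IBM's bulletin or the product's code), the following Python code audits pod specifications for the condition the summary describes: a container with no security context, or with a seccomp profile that is unset or Unconfined. The sample pods are constructed, and the `allowPrivilegeEscalation` check is an assumption, since the bulletin does not list which settings were wrong.

```python
import json

# Constructed pod specs for illustration; they are not the cartridge's manifests.
SAMPLE_PODS = json.loads("""
[
 {"metadata": {"name": "no-context"},
  "spec": {"containers": [{"name": "app", "image": "example/app:1"}]}},
 {"metadata": {"name": "pod-level-default"},
  "spec": {"securityContext": {"seccompProfile": {"type": "RuntimeDefault"}},
           "containers": [
             {"name": "ok", "securityContext": {"allowPrivilegeEscalation": false}},
             {"name": "override", "securityContext": {
                "allowPrivilegeEscalation": false,
                "seccompProfile": {"type": "Unconfined"}}}]}}
]
""")


def effective_seccomp(pod_spec, container):
    """Return the seccomp profile type in force; container-level settings win."""
    for ctx in (container.get("securityContext"), pod_spec.get("securityContext")):
        profile = (ctx or {}).get("seccompProfile")
        if profile:
            return profile.get("type")
    return None  # unset: the container gets whatever the node or cluster defaults to


def audit_pod(pod):
    """Return (pod, container, finding) tuples for missing or weak settings."""
    spec, name = pod.get("spec", {}), pod.get("metadata", {}).get("name", "?")
    findings = []
    for c in (spec.get("initContainers") or []) + (spec.get("containers") or []):
        ctx = c.get("securityContext")
        if ctx is None:
            findings.append((name, c["name"], "no container securityContext"))
        seccomp = effective_seccomp(spec, c)
        if seccomp is None:
            findings.append((name, c["name"], "seccompProfile not set"))
        elif seccomp == "Unconfined":
            findings.append((name, c["name"], "seccompProfile is Unconfined"))
        if (ctx or {}).get("allowPrivilegeEscalation") is not False:
            findings.append((name, c["name"], "allowPrivilegeEscalation not false"))
    return findings


if __name__ == "__main__":
    for pod in SAMPLE_PODS:
        for finding in audit_pod(pod):
            print(*finding, sep=": ")
```

The same functions can be run over the JSON output of a cluster's pod listing, since they read only the `metadata` and `spec` fields of each pod object.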

Vulnerability Details

CVEID: CVE-2023-28953
DESCRIPTION: IBM Cognos Analytics on Cloud Pak for Data could allow an attacker to make system calls that might compromise the security of the containers due to misconfigured security context.
CVSS Base score: 3.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/251465 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

Affected Product(s): IBM Cognos Analytics Cartridge for IBM Cloud Pak for Data
Version(s): 4.0

Remediation/Fixes

Affected Product(s): IBM Planning Analytics Cartridge for IBM Cloud Pak for Data
Version(s): 4.0
Fix: Downloading IBM Cognos Analytics Cartridge and Modernization for IBM Cloud Pak for Data 4.7.

Workarounds and Mitigations

None

Affected configurations

Vulners Node: ibm cognos_analytics_cartridge_for_ibm_cloud_pak_for_data, Match 4.0
