CVSS3: 7.3 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
AI Score: 7.8 High (Confidence: High)
EPSS: 0.006 Low (Percentile: 79.3%)
There is a potential directory traversal vulnerability via a crafted zip in Apache Ant
CVEID: CVE-2022-48285
**DESCRIPTION:** JSZip could allow a remote attacker to traverse directories on the system, caused by the failure to sanitize filenames when files are loaded with loadAsync, which makes the library vulnerable to a Zip Slip attack. By extracting files from a specially crafted archive, an attacker could gain access to parts of the file system outside of the target folder, overwrite the executable files and execute arbitrary commands on the system.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/244499 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
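The filename check whose absence the description above refers to, as an added example (not code from JSZip, IBM, or this bulletin): it resolves each archive entry name against the extraction directory and rejects any name that would land outside it. `resolveEntryPath`, `auditEntryNames`, the `/srv/unpack` directory and the sample entry names are assumptions constructed for illustration.

```javascript
// Added example: validate ZIP entry names before joining them to an extraction directory.
// Entry names are handled as untrusted strings (in JSZip they are the keys of zip.files).
function resolveEntryPath(targetDir, entryName) {
  if (typeof entryName !== 'string' || entryName === '' || entryName.includes('\0')) {
    throw new Error('invalid entry name');
  }
  // Treat backslashes as separators so Windows-style names cannot bypass the check.
  const unified = entryName.replace(/\\/g, '/');
  if (unified.startsWith('/') || /^[A-Za-z]:/.test(unified)) {
    throw new Error('absolute path in entry: ' + entryName);
  }
  const parts = [];
  for (const seg of unified.split('/')) {
    if (seg === '' || seg === '.') continue;   // skip empty and current-dir segments
    if (seg === '..') {
      // A ".." with nothing left to pop would climb above the target directory.
      if (parts.length === 0) throw new Error('entry escapes target: ' + entryName);
      parts.pop();
    } else {
      parts.push(seg);
    }
  }
  if (parts.length === 0) throw new Error('entry resolves to the target itself');
  return targetDir.replace(/\/+$/, '') + '/' + parts.join('/');
}

// Splits a list of entry names into resolved safe paths and rejected names.
function auditEntryNames(targetDir, names) {
  const safe = [];
  const rejected = [];
  for (const name of names) {
    try {
      safe.push(resolveEntryPath(targetDir, name));
    } catch (err) {
      rejected.push({ name, reason: err.message });
    }
  }
  return { safe, rejected };
}

// Constructed sample entry names (not taken from any real archive).
const SAMPLE_NAMES = [
  'docs/readme.txt', 'assets/./img/../logo.png', '../../outside.txt',
  'a/../../b.txt', '/abs/file.txt', 'C:\\temp\\x.txt', '..\\..\\outside.txt',
];
const report = auditEntryNames('/srv/unpack', SAMPLE_NAMES);
console.log(report.safe, report.rejected.map((r) => r.name));
```

Run the audit over every entry name before writing anything to disk, and abort the whole extraction if `rejected` is non-empty rather than skipping individual entries.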
Affected Product(s) | Version(s) |
---|---|
Log Analysis | 1.3.7.x |
Principal Product and Version(s) | Fix details |
---|---|
IBM Operations Analytics - Log Analysis version 1.3.7.x | Use Log Analysis version 1.3.8. You can download the release from Passport Advantage. Part number: M0GJREN IBM Operations Analytics Log Analysis v1.3.8 Linux 64 bit; M0GJSEN IBM Operations Analytics Log Analysis v1.3.8 zLinux 64 bit; M0GJTEN IBM Operations Analytics Log Analysis v1.3.8 Power8 ppc64le |
None
CPE | Name | Operator | Version |
---|---|---|---|
 | ibm operations analytics - log analysis | eq | 1.3.7. |