IBM91D6213F3DA441280CF89DE38DB168FF9A543B6CD8A2ABFA74DFB36ABBE7D271Security Bulletin: Vulnerability in jgit affect Cloud Pak System [CVE-2023-4759]
Summary
Vulnerability in jgit affect Cloud Pak System. IBM Cloud Pak System Addressed vulnerability [CVE-2023-4759].
Vulnerability Details
CVEID:CVE-2023-4759
**DESCRIPTION:**Eclipse JGit could allow a remote attacker to execute arbitrary code on the system, caused by improper handling of case insensitive filesystems. By using a specially crafted symlink, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/265872 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Cloud Pak System | 2.3.1.1, 2.3.2.0 (Power) |
| IBM Cloud Pak System | 2.3.3.7 (Power) |
Remediation/Fixes
For unsupported or end of life release recommendation is to upgrade to supported fixed release of the product.
In response to vulnerabilities in Golang Go Cloud Pak System provides Cloud Pak System v2.3.3.7 Interim Fix 1.
For IBM Cloud Pak System v2.3.1.1, v2.3.2.0
upgrade to IBM Cloud Pak System v2.3.3.7 and apply IBM Cloud Pak System v2.3.3.7 Interim Fix 1 at Fix Central.
For IBM Cloud Pak System V2.3.3.7,
Apply Cloud Pak System V2.3.3.7 Interim Fix 1 at Fix Central.
information on upgrading available at <http://www.ibm.com/support/docview.wss?uid=ibm10887959>
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm cloud pak system software | eq | 2.3 |
Related
7.8 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
47.3%