Aug 17, 2023 - 6:25 p.m.

Security Bulletin: Security Vulnerabilities in GNU glibc affect IBM Cloud Pak for Data - GNU glibc (CVE-2020-1751)

2023-08-17 18:25:38
www.ibm.com
gnu glibc
ibm cloud pak
cve-2020-1751
powerpc
patch
vulnerability
cp4d v2.5
cp4d v3.0.0
cp4d v3.0.1
denial of service

CVSS2: 5.9
Attack Vector: LOCAL
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: COMPLETE
AV:L/AC:M/Au:N/C:P/I:P/A:C

CVSS3: 7
Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.001
Percentile: 27.5%

Summary

Security Vulnerabilities in GNU glibc affect IBM Cloud Pak for Data - GNU glibc (CVE-2020-1751)

Vulnerability Details

CVEID: CVE-2020-1751
**DESCRIPTION:** GNU glibc could allow a local attacker to execute arbitrary code on the system, caused by an out-of-bounds write when handling signal trampolines on PowerPC. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/180052 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s)    Version(s)
CP4D                   2.5 (Not Applicable)
CP4D                   3.0

Remediation/Fixes

  • Patch:
    <https://www.ibm.com/support/pages/node/6327429>

  • Users of IBM Cloud Pak for Data V2.5 are Not Affected:
    Issue Not Applicable for IBM Cloud Pak for Data V2.5.

  • Users of IBM Cloud Pak for Data V3.0.0 and V3.0.1 are advised to:
    Apply IBM Cloud Pak for Data V3.0.1 cpd-3.0.1-lite-patch-7 (Available Jan 19, 2021)

Workarounds and Mitigations

None

Affected configurations

Vulners node:
ibm cloud_pak_for_data, match 2.5.0
OR
ibm cloud_pak_for_data, match 3.0.0
