5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.8 Medium
AI Score
Confidence
High
1.9 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:N/I:N/A:P
0.0004 Low
EPSS
Percentile
9.7%
The Elfutils package is used by IBM CICS TX Advanced in order to read, create and modify ELF (Executable and Linkable Format) binary files. The Elfutils package is vulnerable to a Denial of Service (CVE-2021-33294 and CVE-2020-21047). An update to IBM CICS TX Advanced has been released to address the vulnerability.
CVEID:CVE-2021-33294
**DESCRIPTION:**elfutils is vulnerable to a denial of service, caused by an infinite loop was found in the function handle_symtab in readelf.c. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/261942 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID:CVE-2020-21047
**DESCRIPTION:**elfutils is vulnerable to a denial of service, caused by a out-of-bounds write, off-by-one, and reachable assertion flaw in the libcpu component. By persuading a victim to open a specially crafted ELF file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/266323 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM CICS TX Advanced | 10.1 |
IBM strongly recommends addressing the vulnerability now by upgrading IBM CICS TX Advanced.
Product | Version | Platform | Remediation / Fix |
---|---|---|---|
IBM CICS TX Advanced |
10.1
| Linux| Download the update from Fix Central.
None
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.8 Medium
AI Score
Confidence
High
1.9 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:N/I:N/A:P
0.0004 Low
EPSS
Percentile
9.7%