Lucene search

IBMC963803C9AFFB2086D138C4A75C42044D79968312E1F6E66CECD10107F77E8AD

HistoryJun 28, 2024 - 12:42 p.m.

Security Bulletin: A vulnerability in containerd affects Data Replication on Cloud Pak for Data

2024-06-2812:42:05

www.ibm.com

vulnerability

containerd

data replication

cloud pak

denial of service

fix pack

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

37.5%

JSON

Summary

A vulnerability in the containerd package has been addressed.

Vulnerability Details

CVEID:CVE-2022-23471
**DESCRIPTION:**containerd is vulnerable to a denial of service, caused by a flaw in the CRI implementation. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to exhaust memory on the host, and results in a denial of service condition.
CVSS Base score: 5.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/241615 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s)	Version(s)
Data Replication on Cloud Pak for Data	All before 4.8.0

Remediation/Fixes

Update to the latest product fix pack found here: <https://www.ibm.com/docs/en/cloud-paks/cp-data/4.8.x?topic=new-data-replication>

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmcognos_analytics_cartridge_for_ibm_cloud_pak_for_dataMatch4.6.4

ibmcognos_analytics_cartridge_for_ibm_cloud_pak_for_dataMatch4.6.5

ibmcognos_analytics_cartridge_for_ibm_cloud_pak_for_dataMatch4.7.0

ibmcognos_analytics_cartridge_for_ibm_cloud_pak_for_dataMatch4.7.1

ibmcognos_analytics_cartridge_for_ibm_cloud_pak_for_dataMatch4.7.2

CPENameOperatorVersion
ibm data replication cartridge for ibm cloud pak for dataeq4.6.4
ibm data replication cartridge for ibm cloud pak for dataeq4.6.5
ibm data replication cartridge for ibm cloud pak for dataeq4.7.0
ibm data replication cartridge for ibm cloud pak for dataeq4.7.1
ibm data replication cartridge for ibm cloud pak for dataeq4.7.2

Name	Operator	Version
ibm data replication cartridge for ibm cloud pak for data	eq	4.6.4
ibm data replication cartridge for ibm cloud pak for data	eq	4.6.5
ibm data replication cartridge for ibm cloud pak for data	eq	4.7.0
ibm data replication cartridge for ibm cloud pak for data	eq	4.7.1
ibm data replication cartridge for ibm cloud pak for data	eq	4.7.2