Lucene search

IBMD8EB1B2ED797FCF05EC638EEDC4C8B2CC19222212F7B957988CB15230A2B7CEA

HistoryOct 21, 2022 - 9:32 a.m.

Security Bulletin: A security vulnerability in Ruby on Rails affects IBM Cloud Pak for Multicloud Management Infrastructure Management [CVE-2022-21831]

2022-10-2109:32:40

www.ibm.com

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.067 Low

EPSS

Percentile

93.8%

JSON

Summary

A security vulnerability in Ruby on Rails affects IBM Cloud Pak for Multicloud Management Infrastructure Management [CVE-2022-21831]

Vulnerability Details

CVEID:CVE-2022-21831
**DESCRIPTION:**Ruby on Rails Active Storage module could allow a remote attacker to execute arbitrary code on the system, caused by a code injection vulnerability in the image_processing method of the mini_magick back end. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/222686 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Cloud Pak for Multicloud Management Infrastructure Management	All

Remediation/Fixes

Upgrade to IBM Cloud Pak for Multicloud Management 2.3 latest fixpack by following the instructions in <https://www.ibm.com/docs/en/cloud-paks/cp-management/2.3.x?topic=installation-upgrade>.

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm cloud pak for multicloud managementeq2.3.

CPE	Name	Operator	Version
	ibm cloud pak for multicloud management	eq	2.3.

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.067 Low

EPSS

Percentile

93.8%

JSON

Related for D8EB1B2ED797FCF05EC638EEDC4C8B2CC19222212F7B957988CB15230A2B7CEA