IBME02B588EEE1E0D138CB5E0146307B67F320FED15C9EED404FF7E1533E39268EASecurity Bulletin: pdfmake vulnerability affect IBM Spectrum Control
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
Summary
Vulnerability in pdfmake could allow a remote attacker to execute arbitrary code on the system, which could affect IBM Spectrum Control. CVE-2024-25180.
Vulnerability Details
CVEID:CVE-2024-25180
**DESCRIPTION:**pdfmake could allow a remote attacker to execute arbitrary code on the system, caused by improper neutralization of user supplied-input. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/284924 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Spectrum Control | 5.4.0 - 5.4.11 |
Remediation/Fixes
| Release | First Fixing VRM Level | Link to Fix |
|---|---|---|
| 5.4 | 5.4.12 | <https://www.ibm.com/support/pages/latest-downloads-ibm-spectrum-control> |
Workarounds and Mitigations
None
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | spectrum_control | 5.4 | cpe:2.3:a:ibm:spectrum_control:5.4:*:*:*:*:*:*:* |
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High