Lucene search

K
ibmIBME968AD5017ABDE11FE68F7B1E79DA987D4D07FB923403E3C5A31944905698FDC
HistoryJan 12, 2024 - 6:47 p.m.

Security Bulletin: A vulnerability in json-c may affect IBM Robotic Process Automation for Cloud Pak and result in arbitrary code execution (CVE-2020-12762).

2024-01-1218:47:44
www.ibm.com
10
ibm robotic process automation
json-c
vulnerability
arbitrary code execution
cve-2020-12762
update

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.001

Percentile

44.5%

Summary

json-c is used by IBM Robotic Process Automation as part of base container images. (CVE-2020-12762).

Vulnerability Details

CVEID:CVE-2020-12762
**DESCRIPTION:**json-c could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow and out-of-bounds write. By persuading a victim to run a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/182094 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Robotic Process Automation for Cloud Pak 23.0.0 - 23.0.12

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now.

Product(s) **Version(s) number and/or range ** Remediation/Fix/Instructions

IBM Robotic Process Automation for Cloud Pak

| 23.0.0 - 23.0.12| Update to 23.0.13 or higher using the following instructions.

Workarounds and Mitigations

None.

Affected configurations

Vulners
Node
ibmrobotic_process_automationMatch23.0.0
OR
ibmrobotic_process_automationMatch23.0.12

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.001

Percentile

44.5%