Security Bulletin: IBM Cognos Dashboards on Cloud Pak for Data 4.8.1 has addressed security vulnerabilities

Published: 2023-12-26 21:30:04
Source: www.ibm.com
Tags: ibm cognos dashboards, cloud pak for data, vulnerabilities, gnu gcc, gnu glibc, shadow-maint shadow-utils, rabbitmq, denial of service, security update, upgrade

CVSS3: 7.5 High (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Attack Vector: NETWORK; Attack Complexity: LOW; Privileges Required: NONE; User Interaction: NONE; Scope: UNCHANGED; Confidentiality Impact: NONE; Integrity Impact: NONE; Availability Impact: HIGH

AI Score: 8.3 High (Confidence: Low)

CVSS2: 5 Medium (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Access Vector: NETWORK; Access Complexity: LOW; Authentication: NONE; Confidentiality Impact: NONE; Integrity Impact: NONE; Availability Impact: PARTIAL

EPSS: 0.006 Low (Percentile: 78.8%)

Summary

IBM Cognos Dashboards on Cloud Pak for Data 4.8.1 resolves vulnerabilities reported in GNU gcc, GNU glibc, shadow-maint shadow-utils and RabbitMQ. Please refer to the table in the Related Information section for vulnerability impact.

Vulnerability Details

CVEID: CVE-2023-4641
**DESCRIPTION:** shadow-maint shadow-utils could allow a local authenticated attacker to obtain sensitive information, caused by failing to clean the buffer used to store password information. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain password information, and use this information to launch further attacks against the affected system.
CVSS Base score: 4.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/271763 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2018-20796
**DESCRIPTION:** GNU C Library (aka glibc or libc6) is vulnerable to a denial of service, caused by an uncontrolled recursion in check_dst_limits_calc_pos_1 in posix/regexec.c. By using a specially-crafted command, a local attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/158013 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2023-4039
**DESCRIPTION:** GNU GCC could allow a remote attacker to bypass security restrictions, caused by a buffer overflow in the -fstack-protector feature in GCC-based toolchains. By sending a specially crafted request, an attacker could exploit this vulnerability to change program flow control in the application.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/265948 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID: CVE-2023-46120
**DESCRIPTION:** RabbitMQ Java Client is vulnerable to a denial of service, caused by the absence of a message size limit in maxBodyLength. By sending a specially crafted message, a remote attacker could exploit this vulnerability to cause a memory overflow, resulting in a denial of service condition.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/269738 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Cognos Dashboards on Cloud Pak for Data | 4.0 |

Remediation/Fixes

It is strongly recommended that you apply the most recent security update:

| Affected Product(s) | Version(s) | Fix Version |
| --- | --- | --- |
| IBM Cognos Dashboards on Cloud Pak for Data | 4.0 | Upgrading Cognos Dashboards |

Workarounds and Mitigations

None
