Lucene search

IbmCVELIST:CVE-2020-4724

HistoryOct 29, 2020 - 3:50 p.m.

CVE-2020-4724

2020-10-2915:50:34

ibm

www.cve.org

ibm i2 analyst notebook

9.2.0

9.2.1

memory corruption

vulnerability

arbitrary code

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

EPSS

0.001

Percentile

29.2%

JSON

IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CNA Affected

[
  {
    "product": "i2 Analyst Notebook",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "9.2.1"
      },
      {
        "status": "affected",
        "version": "9.2.0"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/187874

www.ibm.com/support/pages/node/6356497

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

EPSS

0.001

Percentile

29.2%

JSON

Related for CVELIST:CVE-2020-4724