Lucene search

IBM189B4AAE26E5AEA5664A5863E72670591342DDCCCEEFB956E19BFAF01FACF596

HistoryJun 08, 2023 - 1:40 p.m.

Security Bulletin: Vulnerability in paramiko-2.4.2-py2.py3-none-any.whl affects IBM Integrated Analytics System [CVE-2022-24302]

2023-06-0813:40:11

www.ibm.com

ibm

integrated analytics system

vulnerability

paramiko

remote attacker

sensitive information

race condition

upgrade

fix central

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.007

Percentile

80.2%

JSON

Summary

The paramiko-2.4.2-py2.py3-none-any.whl package is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE [CVE-2022-31799]

Vulnerability Details

CVEID:CVE-2022-24302
**DESCRIPTION:**Paramiko could allow a remote attacker to obtain sensitive information, caused by a race condition in the write_private_key_file function. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/222109 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)