Lucene search

IBM1D8E385703573E07F7DC8D356A12D46B06EE7D7DC1F12F3FD88D2E62A91BA25E

HistoryNov 08, 2023 - 12:47 p.m.

Security Bulletin: Data Replication on Cloud Pak for Data vulnerabile to Apache James MIME4J vulnerability

2023-11-0812:47:26

www.ibm.com

cloud pak for data

data replication

apache james mime4j

vulnerability

security bulletin

sensitive information

fix pack

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Summary

A vulnerability in Apache James MIME4J is addressed.

Vulnerability Details

CVEID:CVE-2022-45787
**DESCRIPTION:**Apache James MIME4J could allow a local authenticated attacker to obtain sensitive information, caused by improper laxist permissions on the temporary files. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/244033 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
Data Replication on Cloud Pak for Data	All before 4.6.5

Remediation/Fixes

Update to the latest product fix pack found here: <https://www.ibm.com/docs/en/cloud-paks/cp-data/4.7.x?topic=new-data-replication>

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmdata_virtualization_on_cloud_pak_for_dataMatch4.6.4

CPENameOperatorVersion
ibm data replication on cloud pak for dataeq4.6.4

CPE	Name	Operator	Version
	ibm data replication on cloud pak for data	eq	4.6.4

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for 1D8E385703573E07F7DC8D356A12D46B06EE7D7DC1F12F3FD88D2E62A91BA25E