Security Vulnerabilities affect IBM Cloud Private Vulnerability Advisor Kafka and Notification Dispatcher
CVEID: CVE-2018-1000802 DESCRIPTION: Python could allow a local attacker to execute arbitrary commands on the system, caused by a flaw in the shutil module (make_archive function). By using a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVSS Base Score: 8.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/150593> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2018-17456 DESCRIPTION: Git could allow a remote attacker to execute arbitrary code on the system, caused by a flaw during processing of a recursive “git clone” of a superproject. By using a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 7.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/150956> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
IBM Cloud Private 3.1.1
IBM Cloud Private 3.1.1 patch - Available in Fix Central
None