IBM4F0572B61430F5E8F94504C36140C840BAB010BF07D4AD76E1FE8F7486112BE4Security Bulletin: IBM Planning Analytics Cartridge for IBM Cloud Pak for Data 4.7.0 has addressed security vulnerabilities
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
62.1%
Summary
IBM Planning Analytics Cartridge for IBM Cloud Pak for Data is vulnerable to security vulnerabilities . These have been addressed.
Vulnerability Details
CVEID:CVE-2022-0185
**DESCRIPTION:**Linux Kernel is vulnerable to a heap-based buffer overflow, caused by an integer underflow in the legacy_parse_param function in fs/fs_context.c. By sending a specially-crafted request, a local authenticated attacker could overflow a buffer and execute arbitrary code on the system with root privileges.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217455 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVEID:CVE-2023-27877
**DESCRIPTION:**IBM Planning Analytics on Cloud Pak for Data could allow an attacker to obtain sensitive information, due to insecure network policy configuration.
CVSS Base score: 3.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/249981 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)
CVEID:CVE-2023-26023
**DESCRIPTION:**IBM Planning Analytics on Cloud Pak for Data exposes sensitive information in logs which could lead an attacker to exploit this vulnerability to conduct further attacks.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/247896 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
CVEID:CVE-2023-26026
**DESCRIPTION:**IBM Planning Analytics connects to a CouchDB server. An attacker can exploit an insecure password policy to the CouchDB server and collect sensitive information from the database.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/247905 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Planning Analytics Cartridge for IBM Cloud Pak for Data | 4.0 |
Remediation/Fixes
| Affected Product(s) | Version(s) | Fix |
|---|---|---|
| IBM Planning Analytics Cartridge for IBM Cloud Pak for Data | 4.0 | Installing IBM Planning Analytics Cartridge for IBM Cloud Pak for Data |
Workarounds and Mitigations
None
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | cognos_analytics_cartridge_for_ibm_cloud_pak_for_data | 4.0 | cpe:2.3:a:ibm:cognos_analytics_cartridge_for_ibm_cloud_pak_for_data:4.0:*:*:*:*:*:*:* |
| ibm | planning_analytics_local | 2.0 | cpe:2.3:a:ibm:planning_analytics_local:2.0:*:*:*:*:*:*:* |
Related
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
62.1%