CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
79.5%
Vulnerabilities in PHP may affect IBM Spectrum Sentinel Anomaly Scan Engine. Vulnerabilities include: PHP allowing remote attacker to execute arbitrary code, obtain sensitive information, local authenticated attacker gain elevated privileges on the system, cross-site request forgery and denial of service.
CVEID:CVE-2022-31628
**DESCRIPTION:**PHP is vulnerable to a denial of service, caused by a flaw in the phar uncompressor code. By using a specially-crafted gzip file, a local authenticated attacker could exploit this vulnerability to cause an infinite loop, and results in a denial of service condition.
CVSS Base score: 2.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/237533 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L)
CVEID:CVE-2022-31629
**DESCRIPTION:**PHP is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to set a standard insecure cookie in the browser. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
CVSS Base score: 5.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/237534 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
CVEID:CVE-2021-21708
**DESCRIPTION:**PHP could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause the application to crash.
CVSS Base score: 8.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/221046 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L)
CVEID:CVE-2021-21703
**DESCRIPTION:**PHP could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw when running PHP FPM SAPI with the main FPM daemon process running as root. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges as root.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/212017 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)
CVEID:CVE-2021-21707
**DESCRIPTION:**PHP could allow a remote attacker to obtain sensitive information, caused by a weakly configured XML parser. By using a specially-crafted filename containing URL-encoded NUL character, an attacker could exploit this vulnerability to read a different file than intended, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/214167 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Spectrum Sentinel Anomaly Scan Engine | 1.1.0-1.1.1 |
IBM Spectrum Sentinel Anomaly Scan Engine |
Fixing Level
|
Platform
|
Link to Fix and Instructions
—|—|—|—
1.1.0-1.1.1
|
1.1.2
|
Linux
|
<https://www.ibm.com/support/pages/node/6841595>
Please refer to IBM Spectrum Copy Data Management security bulletins for the Spectrum Copy Data Management vulnerabilities.
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | spectrum_control | 1.1 | cpe:2.3:a:ibm:spectrum_control:1.1:*:*:*:*:*:*:* |
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
79.5%