CVSS3 Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | HIGH |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Percentile: 30.3%
IBM Cloud Pak for Data could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product’s environment. This vulnerability has been addressed.
CVEID: CVE-2022-36769
**DESCRIPTION:** IBM Cloud Pak for Data could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product’s environment.
CVSS Base score: 7.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/232034 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM Watson Knowledge Catalog on-prem | 4.x |
Install IBM Cloud Pak for Data 4.6.4 or higher
IBM Cloud Pak for Data 4.6.4 and above restricts JDBC driver uploads to a certain set of users. For instance, the admin user or a user with the “Administrator” role can upload JDBC drivers. The Administrator role has the “Administer platform” permission. This permission is required to upload JDBC drivers. Additionally, users with the “Platform administration” role can upload JDBC drivers. The Platform administration role has the “Administer platform” and “Manage configurations” permissions. The “Manage configurations” permission is more granular. You can revoke this permission from users who do not require the ability to upload JDBC drivers.
Additionally, IBM Cloud Pak for Data implemented new auditable messages that can be used to monitor and track JDBC driver upload activities.
None.
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | cloud_pak_for_data | any | cpe:2.3:a:ibm:cloud_pak_for_data:any:*:*:*:*:*:*:* |