IBM70AC6C8CDB3024FFCC64BC866F5343E66D8CDC462E003F8D1D7B48D9FFCE1A80Security Bulletin: A vulnerability in Libcontainer and Docker Engine affects IBM Decision Optimization in IBM Cloud Pak for Data (CVE-2015-3627)
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
5.1%
Summary
There is a vulnerability in Libcontainer and Docker Engine used by IBM Decision Optimization in IBM Cloud Pak for Data. IBM Decision Optimization in IBM Cloud Pak for Data has addressed the applicable CVE.
Vulnerability Details
CVEID:CVE-2015-3627
**DESCRIPTION:**A symlink vulnerability in Libcontainer and Docker Engine regarding the file-descriptor being opened prior to performing the chroot could allow a local attacker to gain elevated privileges on the system. An attacker could exploit this vulnerability using a specially crafted Dockerfile or image to gain elevated privileges on the system.
CVSS Base score: 4.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/103092 for the current score.
CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| Decision Optimization for Cloud Pak for Data | All |
Remediation/Fixes
IBM strongly suggests to upgrade to IBM Decision Optimization in IBM Cloud Pak for Data 4.6.1 or higher, using the Operator upgrade process described in the IBM Documentation:
<https://www.ibm.com/docs/en/cloud-paks/cp-data/4.6.x?topic=u-upgrading-from-version-46-8>
Workarounds and Mitigations
None
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| decision optimization for cloud pak for data | eq | any |
Related
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
5.1%