CVSS2

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Percentile: 46.9%
A privilege escalation vulnerability has been discovered in pkexec, a component of polkit. The TSSC does not use pkexec, but the executable does exist on the system. A patch has been provided that removes the executable from the file system.
CVEID: CVE-2021-4034
**DESCRIPTION:** Polkit could allow a local authenticated attacker to gain elevated privileges on the system, caused by incorrect handling of the argument vectors in the pkexec utility. By crafting environment variables in a specific way, an attacker could exploit this vulnerability to execute commands with root privileges.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218087 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Affected Product | Version |
---|---|
TSSC/IMC | 9.2.16 |
TSSC/IMC | 9.2.14 |
TSSC/IMC | 9.2.11 |
TSSC/IMC | 9.1.11 |
TSSC/IMC | 9.1.9 |
TSSC/IMC | 9.1.7 |
TSSC/IMC | 9.0.6 |
TSSC/IMC | 9.0.4 |
TSSC/IMC | 8.6.6 |
TSSC/IMC | 8.5.5 |
IBM strongly recommends addressing the vulnerability now.
Product | Version | Remediation/Fix/Instructions |
---|---|---|
TSSC/IMC | 9.2.16 | Download patch and execute on TSSC/IMC system |
TSSC/IMC | 9.2.14 | Download patch and execute on TSSC/IMC system |
TSSC/IMC | 9.2.11 | Download patch and execute on TSSC/IMC system |
TSSC/IMC | 9.1.11 | Download patch and execute on TSSC/IMC system |
TSSC/IMC | 9.1.9 | Download patch and execute on TSSC/IMC system |
TSSC/IMC | 9.1.7 | Download patch and execute on TSSC/IMC system |
TSSC/IMC | 9.0.6 | Download patch and execute on TSSC/IMC system |
TSSC/IMC | 9.0.4 | Download patch and execute on TSSC/IMC system |
TSSC/IMC | 8.6.6 | Download patch and execute on TSSC/IMC system |
TSSC/IMC | 8.5.5 | Download patch and execute on TSSC/IMC system |
None
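Because the fix described above works by removing the pkexec executable, a post-patch check can confirm that no copy remains in the usual binary directories and whether any remaining copy still carries the setuid bit. This is an added example, not part of IBM's bulletin or patch; the directory list and the function name `check_pkexec` are assumptions.

```shell
#!/bin/sh
# Added example: confirm that pkexec is gone after remediation.
# Assumption: these are the usual binary directories; the list is not
# taken from the bulletin and may need extending for a given system.
PKEXEC_DIRS="bin sbin usr/bin usr/sbin usr/local/bin usr/local/sbin"

# check_pkexec [ROOT]
#   Prints one line per pkexec binary found under ROOT (default /).
#   Return code: 0 = not present
#                1 = present, setuid bit not set
#                2 = present with the setuid bit set
#   On merged-/usr systems the same file can be reported via two paths.
check_pkexec() {
    root=${1:-/}
    status=0
    for d in $PKEXEC_DIRS; do
        f="${root%/}/$d/pkexec"
        # Only regular files count (symlinks are followed by the -f test).
        [ -f "$f" ] || continue
        if [ -u "$f" ]; then
            echo "SETUID  $f"
            status=2
        else
            echo "PRESENT $f"
            if [ "$status" -lt 1 ]; then
                status=1
            fi
        fi
    done
    return "$status"
}

# Typical use on a patched system:
#   check_pkexec / && echo "pkexec not found"
```

A return code of 0 after running the patch matches the stated outcome of the fix; 2 means a setuid copy is still on disk.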
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | ts7700 | 8.5.5 | cpe:2.3:h:ibm:ts7700:8.5.5:*:*:*:*:*:*:* |
ibm | ts7700 | 8.6.6 | cpe:2.3:h:ibm:ts7700:8.6.6:*:*:*:*:*:*:* |
ibm | ts7700 | 9.0.4 | cpe:2.3:h:ibm:ts7700:9.0.4:*:*:*:*:*:*:* |
ibm | ts7700 | 9.1.7 | cpe:2.3:h:ibm:ts7700:9.1.7:*:*:*:*:*:*:* |
ibm | ts7700 | 9.1.9 | cpe:2.3:h:ibm:ts7700:9.1.9:*:*:*:*:*:*:* |
ibm | ts7700 | 9.2.14 | cpe:2.3:h:ibm:ts7700:9.2.14:*:*:*:*:*:*:* |
ibm | ts7700 | 9.2.16 | cpe:2.3:h:ibm:ts7700:9.2.16:*:*:*:*:*:*:* |