CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
5.1%
IBM PowerVM Novalink is vulnerable because RESTEasy could allow a local authenticated attacker to gain elevated privileges on the system, caused by the creation of insecure temp files in the File.createTempFile() used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVEID:CVE-2023-0482
**DESCRIPTION:**RESTEasy could allow a local authenticated attacker to gain elevated privileges on the system, caused by the creation of insecure temp files in the File.createTempFile() used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/246304 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
Affected Product(s) | Version(s) |
---|---|
PowerVM Novalink | 2.0 |
PowerVM Novalink | 2.0.1 |
PowerVM Novalink | 2.0.2 |
PowerVM Novalink | 2.0.2.1 |
PowerVM Novalink | 2.0.3 |
PowerVM Novalink | 2.0.3.1 |
PowerVM Novalink | 2.1.0 |
PowerVM Novalink | 2.1.1 |
IBM strongly recommends addressing the vulnerability now by upgrading based on the table below.
Product | Version | Remediation |
---|---|---|
PowerVM Novalink | 2.0.0.0 |
Update to pvm-novalink-2.0.1-230626
or
Update to pvm-novalink-2.0.3.1.1-230726
or
Update to pvm-novalink-2.1.1-230725
PowerVM Novalink| 2.0.1|
Update to pvm-novalink-2.0.1-230626
or
Update to pvm-novalink-2.0.3.1.1-230726
or
Update to pvm-novalink-2.1.1-230725
PowerVM Novalink| 2.0.2|
Update to pvm-novalink-2.0.3.1.1-230726
or
Update to pvm-novalink-2.1.1-230725
PowerVM Novalink| 2.0.2.1|
Update to pvm-novalink-2.0.3.1.1-230726
or
Update to pvm-novalink-2.1.1-230725
PowerVM Novalink| 2.0.3|
Update to pvm-novalink-2.0.3.1.1-230726
or
Update to pvm-novalink-2.1.1-230725
PowerVM Novalink| 2.0.3.1|
Update to pvm-novalink-2.0.3.1.1-230726
or
Update to pvm-novalink-2.1.1-230725
PowerVM Novalink| 2.1.0| Update to pvm-novalink-2.1.1-230725
PowerVM Novalink| 2.1.1| Update to pvm-novalink-2.1.1-230725
None
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
5.1%