Security Bulletin: Vulnerability in jgit affect Cloud Pak System [CVE-2023-4759]

Summary

Vulnerability in jgit affect Cloud Pak System. IBM Cloud Pak System Addressed vulnerability [CVE-2023-4759].

Vulnerability Details

CVEID:CVE-2023-4759
**DESCRIPTION:**Eclipse JGit could allow a remote attacker to execute arbitrary code on the system, caused by improper handling of case insensitive filesystems. By using a specially crafted symlink, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/265872 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

Affected Products and Versions

Remediation/Fixes

For unsupported or end of life release recommendation is to upgrade to supported fixed release of the product.
In response to vulnerabilities in Golang Go Cloud Pak System provides Cloud Pak System v2.3.3.7 Interim Fix 1.

For IBM Cloud Pak System v2.3.1.1, v2.3.2.0
upgrade to IBM Cloud Pak System v2.3.3.7 and apply IBM Cloud Pak System v2.3.3.7 Interim Fix 1 at Fix Central.

For IBM Cloud Pak System V2.3.3.7,
Apply Cloud Pak System V2.3.3.7 Interim Fix 1 at Fix Central.
information on upgrading available at <http://www.ibm.com/support/docview.wss?uid=ibm10887959&gt;

Workarounds and Mitigations

None