Lucene search
IBM9E8662B70074FC8E0105E5585AE2B7A19374764228576FA3C95BAFF0BE0456C8HistoryDec 21, 2021 - 6:45 p.m.
Security Bulletin: i2 Analysts' Notebook memory corruption vulnerability
2021-12-2118:45:29
www.ibm.com
24
ibm
i2 analyst's notebook
memory corruption
vulnerability
stack-based buffer overflow
bounds checking
ibm x-force
cvss
9.2.0
9.2.1
9.2.2
9.3.1
continuous delivery update
EPSS
0
Percentile
5.1%
Summary
i2 Analysts’ Notebook is vulnerable to potential memory corruption vulnerabilities
Vulnerability Details
CVEID:CVE-2021-39049
**DESCRIPTION:**IBM i2 Analyst’s Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and gain lower level privileges. IBM X-Force ID: 214439.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/214439 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM i2 Analyst’s Notebook | IBM i2 Analyst’s Notebook 9.2.0 |
| IBM i2 Analyst’s Notebook | All |
| IBM i2 Analyst’s Notebook | IBM i2 Analyst’s Notebook 9.2.1 |
| IBM i2 Analyst’s Notebook | IBM i2 Analyst’s Notebook 9.2.2 |
Remediation/Fixes
Please visit your software downloads site and install the 9.3.1 continuous delivery update
Workarounds and Mitigations
None
Related
cvelist
cvelist
CVE-2021-39049
2021-12-13 18:35:33
prion
prion
Stack overflow
2021-12-13 19:15:00
cnvd
cnvd
IBM i2 Analyst s Notebook Buffer Overflow Vulnerability
2021-12-17 00:00:00
cve
cve
CVE-2021-39049
2021-12-13 19:15:07
nvd
nvd
CVE-2021-39049
2021-12-13 19:15:07