CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
5.1%
Vulnerability in WebSphere Liberty affect Cloud Pak System [CVE-2023-0482].
CVEID:CVE-2023-0482
**DESCRIPTION:**RESTEasy could allow a local authenticated attacker to gain elevated privileges on the system, caused by the creation of insecure temp files in the File.createTempFile() used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/246304 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
Affected Product(s) | Version(s) |
---|---|
IBM Cloud Pak System | 2.3.1.1, 2.3.2.0 (Power) |
IBM Cloud Pak System Software Suite | 2.3.3.7 (Power) |
IBM WebSphere Application Server | Liberty 21.0.0.12 - 23.0.0.3 |
For unsupported versions the recommendation is to upgrade to supported version of the product.
For Cloud Pak System V2.3.0.1, V2.3.1.1, V2.3.2.0,
Upgrade to Cloud Pak System v2.3.3.7 and apply V2.3.3.7 Interim Fix 01 at IBM Fix Central.
information on upgrading here <https://www.ibm.com/support/pages/node/6982511>
For Cloud Pak System V2.3.3.7,
Apply Cloud Pak System V2.3.3.7 Interim Fix 01 at IBM Fix Central.
information on upgrading available at <http://www.ibm.com/support/docview.wss?uid=ibm10887959>
None
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
5.1%