Lucene search

IBMA97DDE1FC3721631BBC5487F52877F292B6EEB4A251EBC02CBD36C2416CCA4EF

HistoryJun 28, 2024 - 12:41 p.m.

Security Bulletin: A vulnerability in Go affects Data Replication on Cloud Pak for Data

2024-06-2812:41:21

www.ibm.com

data replication

cloud pak for data

vulnerability

denial of service

fix pack

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.7

Confidence

High

EPSS

0.002

Percentile

52.1%

JSON

Summary

A vulnerability in the package Go has been addressed.

Vulnerability Details

CVEID:CVE-2022-41725
**DESCRIPTION:**Golang Go is vulnerable to a denial of service, caused by a flaw when perform multipart form parsing with mime/multipart.Reader.ReadForm. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to consume largely unlimited amounts of memory and disk files, and results in a denial of service condition.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/248957 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s)	Version(s)
Data Replication on Cloud Pak for Data	All before 4.7.1

Remediation/Fixes

Update to the latest product fix pack found here: <https://www.ibm.com/docs/en/cloud-paks/cp-data/4.8.x?topic=new-data-replication>

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmcognos_analytics_cartridge_for_ibm_cloud_pak_for_dataMatch4.6.4

ibmcognos_analytics_cartridge_for_ibm_cloud_pak_for_dataMatch4.6.5

ibmcognos_analytics_cartridge_for_ibm_cloud_pak_for_dataMatch4.7.0

ibmcognos_analytics_cartridge_for_ibm_cloud_pak_for_dataMatch4.7.1

ibmcognos_analytics_cartridge_for_ibm_cloud_pak_for_dataMatch4.7.2

VendorProductVersionCPE
ibmcognos_analytics_cartridge_for_ibm_cloud_pak_for_data4.6.4cpe:2.3:a:ibm:cognos_analytics_cartridge_for_ibm_cloud_pak_for_data:4.6.4:*:*:*:*:*:*:*
ibmcognos_analytics_cartridge_for_ibm_cloud_pak_for_data4.6.5cpe:2.3:a:ibm:cognos_analytics_cartridge_for_ibm_cloud_pak_for_data:4.6.5:*:*:*:*:*:*:*
ibmcognos_analytics_cartridge_for_ibm_cloud_pak_for_data4.7.0cpe:2.3:a:ibm:cognos_analytics_cartridge_for_ibm_cloud_pak_for_data:4.7.0:*:*:*:*:*:*:*
ibmcognos_analytics_cartridge_for_ibm_cloud_pak_for_data4.7.1cpe:2.3:a:ibm:cognos_analytics_cartridge_for_ibm_cloud_pak_for_data:4.7.1:*:*:*:*:*:*:*
ibmcognos_analytics_cartridge_for_ibm_cloud_pak_for_data4.7.2cpe:2.3:a:ibm:cognos_analytics_cartridge_for_ibm_cloud_pak_for_data:4.7.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	cognos_analytics_cartridge_for_ibm_cloud_pak_for_data	4.6.4	cpe:2.3:a:ibm:cognos_analytics_cartridge_for_ibm_cloud_pak_for_data:4.6.4:::::::*
ibm	cognos_analytics_cartridge_for_ibm_cloud_pak_for_data	4.6.5	cpe:2.3:a:ibm:cognos_analytics_cartridge_for_ibm_cloud_pak_for_data:4.6.5:::::::*
ibm	cognos_analytics_cartridge_for_ibm_cloud_pak_for_data	4.7.0	cpe:2.3:a:ibm:cognos_analytics_cartridge_for_ibm_cloud_pak_for_data:4.7.0:::::::*
ibm	cognos_analytics_cartridge_for_ibm_cloud_pak_for_data	4.7.1	cpe:2.3:a:ibm:cognos_analytics_cartridge_for_ibm_cloud_pak_for_data:4.7.1:::::::*
ibm	cognos_analytics_cartridge_for_ibm_cloud_pak_for_data	4.7.2	cpe:2.3:a:ibm:cognos_analytics_cartridge_for_ibm_cloud_pak_for_data:4.7.2:::::::*