IBMCECE5E22230476A85EA4121BD394FC72968D2CE0DC32ADCD9C4E821B1C8023F9Security Bulletin: A vulnerability in Etcd-io could affect IBM CICS TX Standard [CVE-2021-28235]
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.003 Low
EPSS
Percentile
71.4%
Summary
CVE-2021-28235 related to etcd package could affect IBM CICS TX Standard. IBM CICS TX Standard has addressed the applicable CVE. [CVE-2021-28235]
Vulnerability Details
CVEID:CVE-2021-28235
**DESCRIPTION:**Etcd-io could allow a remote attacker to gain elevated privileges on the system, caused by a flaw in the debug function. By sending a specially-crafted request, an attacker could exploit this vulnerability to gain elevated privileges.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/252005 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM CICS TX Standard | 11.1 |
Remediation/Fixes
IBM recommends you apply these fixes.
Product
| VRMF|APAR|Remediation/First Fix
—|—|—|—
IBM CICS TX Standard| 11.1| Updated packages related to etcd are built with an IFIX and IFIX is made available on Fix Central|
Linux: Fix Central Link
Workarounds and Mitigations
None
Affected configurations
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.003 Low
EPSS
Percentile
71.4%