A security vulnerability in golang affects IBM Cloud Automation Manager.
CVEID:CVE-2021-44717
**DESCRIPTION:**Golang Go could allow a remote attacker to bypass security restrictions, caused by an error in the syscall.ForkExec() interface. By causing the erroneous closing of file descriptor 0 after file-descriptor exhaustion, an attacker could exploit this vulnerability to compromise data integrity and/or confidentiality in a somewhat uncontrolled way in programs linked with and using syscall.ForkExec().
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/216563 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Cloud Automation Manager | 4.2.0.1 |
Download IBM Cloud Automation Manager 4.2.0.1 iFix 6 from https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Cloud+Private&release=All&platform=All&function=fixId&fixids=icp-cam-3.2.1-build601049&includeSupersedes=0
Follow the instructions in Readme link in https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Cloud+Private&release=All&platform=All&function=fixId&fixids=icp-cam-3.2.1-build601049&includeSupersedes=0 to install the iFix 6 to your IBM Cloud Automation Manager 4.2.0.1.
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm cloud automation manager | eq | 4.2.0.1 |