CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
AI Score
Confidence
Low
IBM Automation Decision Services is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed
CVEID:CVE-2024-5321
**DESCRIPTION:**Kubernetes kubelet could allow a local authenticated attacker to bypass security restrictions, caused by incorrect permissions on Windows containers logs. By sending a specially crafted request, an attacker could exploit this vulnerability to read and modify container logs.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/298140 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Automation Decision Services | 24.0.0 |
IBM Automation Decision Services 24.0.0:
Interim fix 002 is available:
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | automation_workstream_services | 24.0.0 | cpe:2.3:a:ibm:automation_workstream_services:24.0.0:*:*:*:*:*:*:* |
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
AI Score
Confidence
Low