SB2022062412 - Multiple vulnerabilities in IBM PureData System for Operational Analytics

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2022062412

SB2022062412 - Multiple vulnerabilities in IBM PureData System for Operational Analytics

Published: June 24, 2022

Security Bulletin ID SB2022062412
Severity
High
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 25% Medium 25% Low 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 secuirty vulnerabilities.


1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-4230)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions. An authenticated local attacker with special permissions can execute specially crafted Db2 commands and escalate privileges on the system.


2) Memory leak (CVE-ID: CVE-2020-4135)

The vulnerability allows a remote attacker to perform a DoS attack on the target system.

The vulnerability exists due memory leak. A remote attacker can send specially crafted packets to cause a denial of service from excessive memory usage.


3) Buffer overflow (CVE-ID: CVE-2020-4204)

The vulnerability allows a local attacker to execute arbitrary code on the system with root privileges.

The vulnerability exists due to improper bounds checking. A local attacker can trigger the vulnerability and execute arbitrary code on the system with root privileges.


4) Input validation error (CVE-ID: CVE-2020-4200)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote user can send specially crafted commands to cause a denial of service.


Remediation

Install update from vendor's website.

References