SB2022081102 - Security restrictions bypass in Platform Navigator and Automation Assets in IBM Cloud Pak for Integration
Published: August 11, 2022
Security Bulletin ID
SB2022081102
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-29526)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to the Faccessat function can incorrectly report that a file is accessible, when called with a non-zero flags parameter. An attacker can bypass implemented security restrictions.
Remediation
Install update from vendor's website.
References
- https://www.ibm.com/blogs/psirt/security-bulletin-platform-navigator-and-automation-assets-in-ibm-cloud-pak-for-integration-are-vulnerable-to-remote-access-due-to-go-cve-2022-29526/"
- https://www.ibm.com/blogs/psirt/security-bulletin-platform-navigator-and-automation-assets-in-ibm-cloud-pak-for-integration-are-vulnerable-to-remote-access-due-to-go-cve-2022-29526/</a><br><a
- https://www.ibm.com/support/pages/node/6611581"
- https://www.ibm.com/support/pages/node/6611581</a><br><br><br></p>