Improper privilege management in IBM Watson Discovery Cartridge for IBM Cloud Pak for Data



Published: 2023-09-18
Risk High
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2023-22946
CWE-ID CWE-269
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
IBM Watson Discovery for IBM Cloud Pak for Data
Server applications / Other server solutions

Vendor IBM Corporation

Security Bulletin

This security bulletin contains one high risk vulnerability.

1) Improper Privilege Management

EUVDB-ID: #VU78721

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-22946

CWE-ID: CWE-269 - Improper Privilege Management

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges.

The vulnerability exists due to improper privilege management. A local user can send specially crafted configuration-related classes on the classpath and exploit this vulnerability to execute arbitrary code with the privileges of the submitting user.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Watson Discovery for IBM Cloud Pak for Data: before 4.7.0

External links

http://www.ibm.com/support/pages/node/7002185


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###