This security bulletin contains one high risk vulnerability.
Exploit availability: NoDescription
The vulnerability allows a local user to escalate privileges.
The vulnerability exists due to improper privilege management. A local user can send specially crafted configuration-related classes on the classpath and exploit this vulnerability to execute arbitrary code with the privileges of the submitting user.Mitigation
Install update from vendor's website.Vulnerable software versions
IBM Watson Discovery for IBM Cloud Pak for Data: before 4.7.0CPE2.3
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?