SB2024070927 - Permissions, privileges, and access controls in IBM Maximo Asset Management



SB2024070927 - Permissions, privileges, and access controls in IBM Maximo Asset Management

Published: July 9, 2024

Security Bulletin ID SB2024070927
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Local access
Highest impact

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2024-3933)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to escalate privileges on the system.

The vulnerability occurs when executing an arraycopy sequence while the Concurrent Scavenge Garbage Collection cycle is active and the source and destination memory regions for arraycopy overlap. A local user can exploit the vulnerability to read and write to addresses beyond the end of the array range.


Remediation

Install update from vendor's website.