IBM Business Automation Manager Open Editions update for Eclipse JGit



Risk Medium
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2023-4759
CWE-ID CWE-59
Exploitation vector Network
Public exploit N/A
Vulnerable software
IBM Business Automation Manager Open Editions
Other software / Other software solutions

Vendor IBM Corporation

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Link following

EUVDB-ID: #VU81948

Risk: Medium

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-4759

CWE-ID: CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Exploit availability: No

Description

The vulnerability allows a remote attacker to overwrite files on the system.

The vulnerability exists due to an insecure link following. A remote attacker can place a specially crafted symbolic link into the repository, trick the victim into cloning it and overwrite arbitrary files on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Business Automation Manager Open Editions: 8.0.5

CPE2.3 External links

https://www.ibm.com/support/pages/node/7182315


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###