Multiple vulnerabilities in IBM Integrated Analytics System
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2021-47301 CVE-2024-27070 |
| CWE-ID | CWE-416 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
IBM Integrated Analytics System Web applications / Other software |
| Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Use-after-free
EUVDB-ID: #VU90098
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47301
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the igb_clean_tx_ring() function in drivers/net/ethernet/intel/igb/igb_main.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Integrated Analytics System: 1.0.0 - 1.0.30.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7233587
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use-after-free
EUVDB-ID: #VU90176
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27070
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the f2fs_filemap_fault() function in fs/f2fs/file.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Integrated Analytics System: 1.0.0 - 1.0.30.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7233587
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
