Main Vulnerability Database SB2023060926

SB2023060926 - Multiple vulnerabilities in IBM Integrated Analytics System

Published: June 9, 2023

Security Bulletin ID SB2023060926

Severity

Medium

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Race condition (CVE-ID: CVE-2022-24302)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a race condition in the write_private_key_file() function between creation and chmod operations. A local user can exploit the race and gain unauthorized access to sensitive information.

2) Security features bypass (CVE-ID: CVE-2022-31799)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to mishandling errors during early request binding. A remote attacker can exploit this vulnerability to launch further attacks on the system.

Remediation

Install update from vendor's website.

References

https://www.ibm.com/support/pages/node/7002393