High Severity

Security Bulletin: TS3000 (TSSC/IMC) is vulnerable to privilege escalation vulnerability due to polkit ( CVE-2021-4034 )

Share this post:

A privilege escalation vulnerability has been discovered in pkexec, a component of polkit. The TSSC does not use pkexec, but the executable does exist on the system. A patch has been provided that removes the executable from the file system.

CVE(s): CVE-2021-4034

Affected product(s) and affected version(s):

Affected Product Version
TSSC/IMC 9.2.16
TSSC/IMC 9.2.14
TSSC/IMC 9.2.11
TSSC/IMC 9.1.11
TSSC/IMC 9.1.9
TSSC/IMC 9.1.7
TSSC/IMC 9.0.6
TSSC/IMC 9.0.4
TSSC/IMC 8.6.6
TSSC/IMC 8.5.5

 

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6583163
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/218087

More stories

Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to denial of service due to CVE-2022-31129

August 10, 2022 | High Severity

Automation Assets in IBM Cloud Pak for Integration is vulnerable to denial of service due to CVE-2022-31129 with details below ...read more


Security Bulletin: Multiple security vulnerabilities has been identified in IBM® DB2® shipped with IBM PureData System for Operational Analytics

August 10, 2022 | High Severity

IBM® DB2® is shipped as a component of IBM PureData System for Operational Analytics. Information about security vulnerabilities affecting IBM DB2 have been published in a security bulletin (CVE-2022-22389, CVE-2022-22390, CVE-2022-25313, CVE-2022-25236, CVE-2022-25235, CVE-2022-25314, CVE-2022-25315). ...read more


Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities

August 10, 2022 | High Severity

Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities with details below ...read more