Security Bulletin
Summary
It is possible to read and modify local files via unknown vectors. Exploitation requires authentication and specific permissions. Confidentiality and integrity may be partially impacted and availability may be fully impacted.
Vulnerability Details
CVE ID: CVE-2013-5374
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/86808 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:C)
Affected Products and Versions
All Netezza Performance Server versions prior to 7.1.0.1 are affected.
Remediation/Fixes
For versions prior to 7.1 upgrade to version 7.1 and install FixPack 7.1.0.1 or later. For version 7.1 install FixPack 7.1.01 or later. Netezza Performance Server FixPacks are available for download from IBM’s Fix Central.
Workarounds and Mitigations
Reducing a user’s permission will prevent that user from exploiting the vulnerability. This can be accomplished via the command line on the host or the Netezza Administration GUI interface.
Get Notified about Future Security Bulletins
References
Change History
04-11-2014: Original version published
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Was this topic helpful?
Document Information
Modified date:
19 August 2022
UID
swg21670047