IBM Support

Security Bulletin: IBM PureData System for Analytics vulnerable to unauthorized access and modification of local files (CVE 2013-5374)

Created by Shelly Faith on

Security Bulletin


Summary

It is possible to read and modify local files via unknown vectors. Exploitation requires authentication and specific permissions. Confidentiality and integrity may be partially impacted and availability may be fully impacted.

Vulnerability Details

CVE ID: CVE-2013-5374

CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/86808 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:C)

Affected Products and Versions

All Netezza Performance Server versions prior to 7.1.0.1 are affected.

Remediation/Fixes

For versions prior to 7.1 upgrade to version 7.1 and install FixPack 7.1.0.1 or later. For version 7.1 install FixPack 7.1.01 or later. Netezza Performance Server FixPacks are available for download from IBM’s Fix Central.

Workarounds and Mitigations

Reducing a user’s permission will prevent that user from exploiting the vulnerability. This can be accomplished via the command line on the host or the Netezza Administration GUI interface.

Get Notified about Future Security Bulletins

References

Off

Change History

04-11-2014: Original version published

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

[{"Product":{"code":"SSULQD","label":"IBM PureData System"},"Business Unit":{"code":"BU053","label":"Cloud \u0026 Data Platform"},"Component":"Administration","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"1.0.0","Edition":"Advanced","Line of Business":{"code":"LOB10","label":"Data and AI"}}]

Document Information

Modified date:
19 August 2022

UID

swg21670047