IBM Cognos Dashboards on Cloud Pak for Data 4.8.1 has recently addressed multiple vulnerabilities reported in GNU gcc, GNU glibc, shadow-maint shadow-utils, and RabbitMQ. The update specifically targets vulnerabilities such as CVE-2023-4641, CVE-2018-20796, CVE-2023-4039, and CVE-2023-46120. Each vulnerability is detailed with its CVE ID, description, CVSS base score, and vectors, highlighting potential risks associated with these issues.
CVE-2023-4641 in shadow-utils could allow a local authenticated attacker to obtain sensitive information, which could then be used in further attacks against the system. Similarly, vulnerabilities like CVE-2018-20796 in GNU glibc and CVE-2023-4039 in GNU gcc could enable attackers to cause application crashes or alter program control, posing moderate risks.
Moreover, CVE-2023-46120, which affects the RabbitMQ Java Client, introduces a denial-of-service threat through a memory overflow that a remote attacker can exploit. The affected products and versions include IBM Cognos Dashboards on Cloud Pak for Data 4.0, and an upgrade is recommended to mitigate these vulnerabilities. While no workarounds or mitigations are suggested, users are encouraged to subscribe to notifications for future security bulletins and refer to related information sources provided by IBM for comprehensive guidance.
The disclosure, published on December 26, 2023, emphasizes the importance of promptly applying the latest security update to address these vulnerabilities. IBM stresses the severity of these vulnerabilities and encourages users to evaluate the impact within their specific environments, using the provided CVSS scores and links for further assessment.
Additionally, IBM clarifies its responsibility to address vulnerabilities, even if they pertain to previously unidentified packages in its product offerings, aiming to ensure comprehensive security measures for supported products and versions.