Memory Corruption in IBM i2 Analyst Notebook 9.2.0 and 9.2.1
CVE-2020-4722

7.8HIGH

Key Information:

Vendor: IBM
Status: I2 Analyst Notebook
Vendor: CVE Published:; 29 October 2020

Summary

IBM i2 Analyst Notebook versions 9.2.0 and 9.2.1 are affected by a memory corruption vulnerability that may allow local attackers to execute arbitrary code on the system. This security risk arises when a victim opens a specially-crafted file, enabling the attacker to exploit the memory issue and gain unauthorized control over the machine. It is essential for users of affected versions to apply the necessary security patches to mitigate this risk.

Affected Version(s)

i2 Analyst Notebook 9.2.1

i2 Analyst Notebook 9.2.0

References

https://www.ibm.com/support/pages/node/6356497

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/187870

vdb-entryx_refsource_XF

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 29, 2020
Vulnerability Reserved
Dec 30, 2019