Cloud security daily 220216: root privilege escalation vulnerability found on IBM SaaS integration platform needs to be upgraded as soon as possible

IBM App Connect Professional（ Formerly known as Cast Iron） yes IBM The company will be a cloud based SaaS A platform for integrating applications with native applications . It is a drag and drop development tool for building complex integrated processes .

2 month 15 Japan ,IBM Security updates have been issued , Repair the IBM SaaS Found in the integration platform Root Privilege lifting vulnerability . Here are the details of the vulnerability ：

Vulnerability Details

source : https://www.ibm.com/support/pages/node/6556738

CVE-2021-4034 CVSS score ：7.8 severity : important

Polkit It may allow an attacker with local authentication to gain elevated privileges on the system , This is because pkexec Incorrect processing of parameter vectors in the utility . By making environment variables in a specific way , An attacker can exploit this vulnerability to root Authority to execute orders .

Affected products and versions

App Connect Professional 7.5.4.0

App Connect Professional 7.5.5.0

Solution

App Connect Professional 7.5.4.0 application APAR LI82497 7540 Fix patch ：

https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm%2FWebSphere%2FApp+Connect+Professional&release=7.5.4.0&platform=All&function=fixId&fixids=7.5.4.0-WS-ACP-20211208-2245_H28_64-CUMUIFIX-026.vcrypt2,&includeSupersedes=0

App Connect Professional 7.5.5.0 application APAR LI82497 7550 Fix patch ：

https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm%2FWebSphere%2FApp+Connect+Professional&release=7.5.5.0&platform=All&function=fixId&fixids=7.5.5.0-WS-ACP-20220208-0829_H31_64-CUMUIFIX-008.builtDockerImage,7.5.5.0-WS-ACP-20220208-0829_H31_64-CUMUIFIX-008.docker,7.5.5.0-WS-ACP-20220208-0829_H31_64-CUMUIFIX-008.vcrypt2,7.5.5.0-WS-ACP-20220208-0829_H31_64-CUMUIFIX-008.sc-linux,7.5.5.0-WS-ACP-20220208-0829_H31_64-CUMUIFIX-008.32bit.sc-linux,7.5.5.0-WS-ACP-20220208-0829_H31_64-CUMUIFIX-008.32bit.sc-win,7.5.5.0-WS-ACP-20220208-0829_H31_64-CUMUIFIX-008.sc-win&includeSupersedes=0

View more vulnerability information And upgrade, please visit the official website ：

https://www.ibm.com/blogs/psirt/