Bitter APT Group – Active IOCs
May 8, 2024Lazarus aka Hidden Cobra APT Group – Active IOCs
May 9, 2024Bitter APT Group – Active IOCs
May 8, 2024Lazarus aka Hidden Cobra APT Group – Active IOCs
May 9, 2024Severity
High
Analysis Summary
CVE-2024-27273 CVSS:8.1
IBM AIX's Unix domain (AIX 7.2, 7.3, VIOS 3.1, and VIOS 4.1) datagram socket implementation could potentially expose applications using Unix domain datagram sockets with SO_PEERID operation and may lead to privilege escalation.
CVE-2023-40694 CVSS:6.2
IBM Watson CP4D Data Stores 4.0.0 through 4.8.4 stores potentially sensitive information in log files that could be read by a local user.
Impact
- Privilege Escalation
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2024-27273
- CVE-2023-40694
Affected Vendors
Affected Products
- IBM AIX 7.2
- IBM VIOS 3.1
- IBM AIX 7.3
- IBM VIOS 4.1
- IBM Watson CP4D Data Stores 4.0.0
- IBM Watson CP4D Data Stores 4.8.4
Remediation
Refer to IBM Security Advisory for patch, upgrade or suggested workaround information.