Vulnerability Details
Basic Information
| Title | Security Bulletin: Vulnerability in PyYAML affects IBM Cloud Pak for Data System 1.0(CPDS 1.0)[CVE-2020-14343] |
|---|---|
| Type | ibm |
| Published | 2025-04-26T20:00:36 |
| Last Seen | 2025-04-27T03:07:53 |
| CVSS Score | 9.8 (CRITICAL) |
CVSS v3 Details
| Attack Vector | NETWORK |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | HIGH |
| Availability Impact | HIGH |
CVE Information
| CVE IDs | CVE-2020-14343 |
|---|---|
| CWE | |
| Bulletin Family | software |
Description
The PyYAML package is used by IBM Cloud Pak for Data System 1.0. IBM Cloud Pak for Data System 1.0 has addressed the applicable CVE [CVE-2020-14343].
## Vulnerability Details
**CVEID:** CVE-2020-14343
**DESCRIPTION:** PyYAML could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the processing of untrusted YAML files through the full_load method or the FullLoader loader. By persuading a victim to open a specially crafted YAML file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
**CWE:** CWE-20: Improper Input Validation
**CVSS Source:** IBM X-Force
**CVSS Base score:** 7.8
**CVSS Vector:** (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
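As an added example (not part of IBM's bulletin or of PyYAML's own code), a defensive loader for YAML that comes from an untrusted source: it stays on the SafeLoader schema, which refuses every `!!python/*` tag regardless of whether the installed PyYAML carries the fix, and it reports which tag was refused and on which line so the event can be logged. The sample documents and the service name in them are constructed; PyYAML must be installed.

```python
import yaml
from yaml.constructor import ConstructorError

# Constructed sample documents (not from the bulletin): an ordinary config and
# one carrying a Python-specific tag. Only the non-safe loaders (full_load /
# FullLoader, unsafe_load) try to turn such a tag into a live Python object.
BENIGN_DOC = "service:\n  name: example-service\n  replicas: 3\n"
TAGGED_DOC = "service: !!python/name:builtins.len\n"


class RejectedTag(ConstructorError):
    """Raised when an untrusted document carries a !!python/* tag."""


class AuditingSafeLoader(yaml.SafeLoader):
    """SafeLoader that names the refused tag and its position instead of the
    generic 'could not determine a constructor' error, so it can be logged."""


def _reject_python_tag(loader, tag_suffix, node):
    raise RejectedTag(None, None,
                      "refused Python-specific tag %r" % node.tag, node.start_mark)


# Every tag under the python/ namespace routes to the rejecting constructor
# (registered on the subclass only; yaml.SafeLoader itself is untouched).
AuditingSafeLoader.add_multi_constructor("tag:yaml.org,2002:python/",
                                          _reject_python_tag)


def load_untrusted_yaml(text):
    """Parse one YAML document from an untrusted source with the safe schema
    only (maps, sequences, plain scalars). Do not use full_load or yaml.load
    with FullLoader/UnsafeLoader for data an attacker can influence."""
    loader = AuditingSafeLoader(text)
    try:
        return loader.get_single_data()
    finally:
        loader.dispose()


def audit_yaml(text):
    """Return (True, data) for an acceptable document, or (False, reason)
    with a log-ready reason naming the refused tag and its line."""
    try:
        return True, load_untrusted_yaml(text)
    except RejectedTag as exc:
        return False, "%s at line %d" % (exc.problem, exc.problem_mark.line + 1)
    except yaml.YAMLError as exc:
        return False, "unparseable YAML: %s" % exc
```

Plain `yaml.safe_load` already refuses the tagged document; the subclass only adds the tag name and position to the error for detection purposes.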
## Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Cloud Pak for Data System 1.0 | 1.0.0.0 - 1.0.8.4 |
## Remediation/Fixes
**IBM strongly recommends addressing the vulnerability now by upgrading to the latest version.**
| **Product** | **VRMF** | **Remediation/First Fix** |
|---|---|---|
| IBM Cloud Pak for Data System 1.0 | 1.0.9.0 | Link to Fix Central |
## Workarounds and Mitigations
None
Impact Assessment
| Base Score | 9.8 |
|---|---|
| Severity | CRITICAL |