Vulnerability Details
Basic Information
| Title | Security Bulletin: Vulnerability in Babel affects IBM Cloud Pak for Data System 1.0(CPDS 1.0)[CVE-2021-42771] |
|---|---|
| Type | ibm |
| Published | 2025-04-26T19:34:31 |
| Last Seen | 2025-04-27T03:07:52 |
| CVSS Score | 7.8 (HIGH) |
CVSS v3 Details
| Attack Vector | LOCAL |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | LOW |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | HIGH |
| Availability Impact | HIGH |
CVE Information
| CVE IDs | CVE-2021-42771 |
|---|---|
| CWE | |
| Bulletin Family | software |
Description
The Babel package is used by IBM Cloud Pak for Data System 1.0. IBM Cloud Pak for Data System 1.0 has addressed the applicable CVE [CVE-2021-42771].
## Vulnerability Details
**CVEID:**CVE-2021-42771
**DESCRIPTION:** Python-Babel Babel could allow a local authenticated attacker to traverse directories on the system, caused by a flaw in the Babel.Locale function. An attacker could load a specially-crafted .dat file containing “dot dot” sequences (/../) to execute arbitrary code on the system.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/211766 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
## Affected Products and Versions
Affected Product(s)| Version(s)
—|—
IBM Cloud Pak for Data System 1.0| 1.0.0.0- 1.0.8.4
## Remediation/Fixes
**IBM strongly recommends addressing the vulnerability now by upgrading to latest version.**
**Product**| **VRMF**| **Remediation/First Fix**
—|—|—
IBM Cloud Pak for Data System 1.0| 1.0.9.0| Link to Fix Central
## Workarounds and Mitigations
None
##
Impact Assessment
| Base Score | 7.8 |
|---|---|
| Severity | HIGH |