IBM Licensing Operator Privilege Escalation Vulnerability

Vulnerability

A privilege escalation vulnerability has been identified in the IBM Licensing Operator. The operator incorrectly assigns permissions to security-sensitive files, which could allow local root access within containers running the affected IBM Licensing Operator image. The weakness is classified as CWE-732 (Incorrect Permission Assignment for Critical Resource).

Impact

Exploitation of this vulnerability could lead to unauthorized local root access within containers running the affected IBM Licensing Operator image.

Remediation

Users can upgrade to IBM License Service version 4.2.18 to address this vulnerability.
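
The following check is an added example, not IBM's code or part of the original advisory: it audits a container root filesystem for the CWE-732 weakness class described above by flagging security-sensitive files that are writable by group or others. The function name `audit_sensitive_perms` and the path list are assumptions, since the advisory does not name the affected files. Call it with `/` inside the container, or with the path of an unpacked image root filesystem.

```shell
#!/bin/sh
# Added example: flag security-sensitive files with CWE-732 style permissions.
# ASSUMPTION: this path list is illustrative; the advisory does not name
# the files whose permissions are wrong. Extend it for your image.
SENSITIVE_PATHS="etc/passwd etc/shadow etc/group etc/sudoers"

# audit_sensitive_perms ROOT
#   ROOT is "/" inside a running container, or an unpacked image rootfs.
#   Prints "<mode> /<path>" for every listed regular file that is writable
#   by group or others. Exit status is 0 when clean, 1 when any are found.
audit_sensitive_perms() {
    root=${1:-/}
    findings=0
    for rel in $SENSITIVE_PATHS; do
        path="${root%/}/$rel"
        # Skip missing files and symlinks: a symlink always shows mode 777
        # and may resolve outside an unpacked rootfs.
        [ -f "$path" ] && [ ! -L "$path" ] || continue
        # -perm -020 matches group-write, -perm -002 matches other-write.
        hit=$(find "$path" -prune \( -perm -020 -o -perm -002 \) -print)
        if [ -n "$hit" ]; then
            mode=$(ls -ld "$path" | cut -c1-10)
            printf '%s /%s\n' "$mode" "$rel"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}
```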

Added: Jan 20, 2026, 3:44 PM
Updated: Jan 20, 2026, 3:44 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 3.3
remediation: 0.0
relevance: 2.2
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.