IBM InfoSphere Data Replication VSAM for z/OS Remote Source Stack-Based Buffer Overflow Vulnerability

Vulnerability

A stack-based buffer overflow vulnerability has been identified in IBM InfoSphere Data Replication VSAM for z/OS Remote Source version 11.4. This vulnerability arises from improper bounds checking, allowing a local user with access to files containing CECSUB or CECRM to overflow the buffer and execute arbitrary code on the system.

Impact

Exploitation of this vulnerability could lead to arbitrary code execution on the affected system.

Remediation

This vulnerability has been resolved in APAR PH67757, available as version 11.4.0.22 for VSAM Remote Source x86 container on Fix Central.

Added: Oct 7, 2025, 7:06 PM
Updated: Oct 7, 2025, 7:06 PM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 10.0
exploitability: 3.5
remediation: 7.7
relevance: 0.6
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.