IBM Transformation Advisor 2.0.1 through 4.3.1 incorrectly assigns privileges to security critical files which could allow a local root escalation inside a container running the IBM Transformation Advisor Operator Catalog image.
Fixes

Solution

IBM strongly encourages customers to update their systems promptly Product(s)Version(s)Remediation/Fix/InstructionsIBM Transformation Advisor2.0.1 - 4.3.1Install v4.3.2 from OperatorHub page in Red Hat OpenShift Container Platform or locally following this link http://ibm.biz/cloudta-trial .


Workaround

No workaround given by the vendor.

History

Mon, 29 Sep 2025 18:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:ibm:transformation_advisor:*:*:*:*:*:*:*:*

Wed, 03 Sep 2025 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 03 Sep 2025 19:15:00 +0000

Type Values Removed Values Added
Description IBM Transformation Advisor 2.0.1 through 4.3.1 incorrectly assigns privileges to security critical files which could allow a local root escalation inside a container running the IBM Transformation Advisor Operator Catalog image.
Title IBM Transformation Advisor incorrect permissions
First Time appeared Ibm
Ibm transformation Advisor
Weaknesses CWE-732
CPEs cpe:2.3:a:ibm:transformation_advisor:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:transformation_advisor:4.3.1:*:*:*:*:*:*:*
Vendors & Products Ibm
Ibm transformation Advisor
References
Metrics cvssV3_1

{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2025-09-03T20:08:27.956Z

Reserved: 2025-04-15T21:16:24.268Z

Link: CVE-2025-36193

cve-icon Vulnrichment

Updated: 2025-09-03T20:08:24.825Z

cve-icon NVD

Status : Analyzed

Published: 2025-09-03T19:15:34.440

Modified: 2025-09-29T18:35:52.077

Link: CVE-2025-36193

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.