Description
IBM Netezza Performance Server Replication Services 3.0.2.0 through 3.0.5.0 allows an attacker with low‑privileged access to escalate their privileges to root. By exploiting this flaw, the attacker can execute root‑level commands, obtain a root shell, and change the root user’s password. Successful exploitation also enables modification or removal of system‑wide files and the installation of persistent backdoors. This results in full system compromise with complete loss of confidentiality, integrity, and availability.
Published: 2026-05-27
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows an attacker with low‑privileged access to elevate to root, execute arbitrary commands, change the root password, modify system‑wide files, and install persistent backdoors. This results in a full system compromise, causing loss of confidentiality, integrity, and availability. The weakness is a process control flaw (CWE-250).

Affected Systems

IBM Netezza Performance Server Replication Services versions 3.0.2.0 through 3.0.5.0 are affected; the 3.0.5.1 release contains the fix.

Risk and Exploitability

The CVSS score of 7.8 indicates high severity. EPSS is unavailable, and the vulnerability is not listed in CISA KEV. Exploitation requires local low‑privileged access, likely from an internal user or compromised account, and enables the attacker to gain root privileges. Successful attacks lead to full system compromise.

Generated by OpenCVE AI on May 27, 2026 at 15:36 UTC.

Remediation

Vendor Solution

Fixed VersionFix LinkIBM Netezza Performance Server Replication Services 3.0.5.1 Fix Central Link https://www.ibm.com/support/fixcentral/swg/selectFixes

OpenCVE Recommended Actions

  • Apply the IBM Netezza Performance Server Replication Services 3.0.5.1 patch from IBM Fix Central.
  • Restrict local access to replication service accounts and disable any unnecessary privileged local accounts until the patch is applied.
  • Monitor system logs for unusual root shell activity and audit privilege changes to detect exploitation attempts.

Generated by OpenCVE AI on May 27, 2026 at 15:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 27 May 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description IBM Netezza Performance Server Replication Services 3.0.2.0 through 3.0.5.0 allows an attacker with low‑privileged access to escalate their privileges to root. By exploiting this flaw, the attacker can execute root‑level commands, obtain a root shell, and change the root user’s password. Successful exploitation also enables modification or removal of system‑wide files and the installation of persistent backdoors. This results in full system compromise with complete loss of confidentiality, integrity, and availability.
Title Vulnerabilities exists in IBM Netezza Performance Server Replication Services
First Time appeared Ibm
Ibm netezza Performance Server Replication Services
Weaknesses CWE-250
CPEs cpe:2.3:a:ibm:netezza_performance_server_replication_services:3.0.2.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:netezza_performance_server_replication_services:3.0.5.0:*:*:*:*:*:*:*
Vendors & Products Ibm
Ibm netezza Performance Server Replication Services
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Ibm Netezza Performance Server Replication Services
cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-05-27T14:43:08.988Z

Reserved: 2026-03-06T02:10:23.503Z

Link: CVE-2026-3623

cve-icon Vulnrichment

Updated: 2026-05-27T14:43:04.796Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-27T14:16:47.000

Modified: 2026-05-27T14:53:51.833

Link: CVE-2026-3623

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-27T15:45:37Z

Weaknesses