Skip to main content

Netezza Performance Server CVE-2026-3623

| EUVDEUVD-2026-32279 HIGH
Execution with Unnecessary Privileges (CWE-250)
2026-05-27 psirt@us.ibm.com GHSA-wwj4-rjmm-2rvv
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
Analysis Generated
May 27, 2026 - 20:56 vuln.today

DescriptionCVE.org

IBM Netezza Performance Server Replication Services 3.0.2.0 through 3.0.5.0 allows an attacker with low‑privileged access to escalate their privileges to root. By exploiting this flaw, the attacker can execute root‑level commands, obtain a root shell, and change the root user’s password. Successful exploitation also enables modification or removal of system‑wide files and the installation of persistent backdoors. This results in full system compromise with complete loss of confidentiality, integrity, and availability.

AnalysisAI

Local privilege escalation in IBM Netezza Performance Server Replication Services (versions 3.0.2.0 through 3.0.5.0) allows an already-authenticated, low-privileged user on the appliance to gain full root control. By abusing the over-privileged Replication Services component the attacker can execute root-level commands, spawn a root shell, reset the root password, alter or delete system-wide files, and plant persistent backdoors, resulting in complete loss of confidentiality, integrity, and availability. There is no public exploit identified at time of analysis, and no EPSS score was supplied in the source data, so the issue currently reflects vendor-reported risk rather than observed exploitation.

Technical ContextAI

The flaw is classified as CWE-250 (Execution with Unnecessary Privileges), meaning a component of the Replication Services subsystem in IBM Netezza Performance Server runs with more privilege (root) than its function requires, and a lower-privileged caller can leverage that elevated context to perform root-level actions. Netezza Performance Server is IBM's data-warehouse appliance platform (the successor to the PureData/Netezza appliance line), and Replication Services is the subsystem responsible for synchronizing data between Netezza systems for high availability and disaster recovery. Because such replication daemons and helper utilities frequently need elevated access to manage filesystems, services, and database state, an improperly dropped or improperly constrained privilege boundary in this component lets a local user cross from an ordinary appliance account to root. No CPE strings were provided in the source data, so exact platform/build identifiers must be taken from the IBM advisory rather than NVD CPE matching.

RemediationAI

Apply the fix described in the IBM advisory at https://www.ibm.com/support/pages/node/7272148; a patch is available per the vendor advisory, but the exact fixed version was not included in the provided data and must be read directly from that bulletin (do not assume a version number). Because exploitation requires a local, low-privileged account, the most effective compensating control until patching is to tightly restrict who holds interactive or service accounts on the Netezza appliance: remove or disable unnecessary local logins and shell access, and enforce least privilege on the Replication Services account so that only trusted administrators can reach the affected component - the trade-off is operational friction for legitimate replication operators. Additionally, audit and monitor for unexpected use of root-equivalent commands, sudden root password changes, or unexplained modification of system-wide files on the appliance, since these are the direct effects described for this flaw; this is detection-only and does not prevent exploitation. Where high-availability replication can tolerate a maintenance window, prioritizing the upgrade over long-lived workarounds is preferable because no workaround fully closes a privilege-boundary defect of this type.

Share

CVE-2026-3623 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy