Unrated severityNVD Advisory· Published Aug 3, 2020· Updated Sep 17, 2024

CVE-2020-4550

Description

IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183318.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

IBM i2 Analyst Notebook 9.2.1 and 9.2.2 are vulnerable to memory corruption that allows local attackers to execute arbitrary code via a specially crafted file.

Vulnerability

IBM i2 Analyst Notebook versions 9.2.1 and 9.2.2 contain a memory corruption vulnerability [1]. The flaw exists in the parsing of specially-crafted files, which can be triggered when a victim opens a malicious file. No special configuration is required; the vulnerable code path is reachable through normal file opening operations.

Exploitation

An attacker must convince a user to open a specially-crafted file using the affected software. The attacker does not need prior authentication or network access; the attack is local and requires user interaction. Upon opening the file, the memory corruption is triggered, leading to arbitrary code execution.

Impact

Successful exploitation allows the attacker to execute arbitrary code on the victim's system with the privileges of the user running IBM i2 Analyst Notebook. This can result in full compromise of confidentiality, integrity, and availability of the affected system.

Mitigation

IBM has released a security bulletin [1] addressing this vulnerability. Users should upgrade to the latest fixed version as specified in the bulletin. No workarounds are documented; applying the patch is the recommended mitigation.

References

Security Bulletin: IBM i2 Analysts' Notebook and IBM i2 Analysts' Notebook Premium Memory vulnerabilities

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

IBM/i2 Analyst Notebookllm-create
Range: 9.2.1, 9.2.2
IBM/i2 Analyst Notebookv5
Range: 9.2.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

exchange.xforce.ibmcloud.com/vulnerabilities/183318mitrevdb-entryx_refsource_XF
www.ibm.com/support/pages/node/6254694mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000