Mike Whale

**Name of the Vulnerable Software and Affected Versions** IBM Transformation Advisor versions 2.0.1 through 4.3.1 **Description** IBM Transformation Advisor incorrectly assigns privileges to security critical files. This could allow a local root escalation within a container running the IBM Transformation Advisor Operator Catalog image. **Recommendations** Apply necessary privilege restrictions to security critical files in IBM Transformation Advisor versions 2.0.1 through 4.3.1.

**Name of the Vulnerable Software and Affected Versions** OpenShift Mirror Registry (affected versions not specified) **Description** A flaw was found in the Mirror Registry. The quay-app container shipped as part of the Mirror Registry for OpenShift has write access to the `/etc/passwd` file. This flaw allows a malicious actor with access to the container to modify the passwd file and elevate their privileges to the root user within that pod. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.