Smart/RESTART 20.1 Vulnerabilities
Smart/Restart
37715
24 June 2026
23 June 2026
CLOSED
HIGH
8.8
None
N/A
Through ongoing internal product security reviews, Broadcom Mainframe Software discovered multiple vulnerabilities in RAI Base of Smart/RESTART 20.1.
This vulnerability applies to the following products: Smart/RESTART 20.1, Smart/RRSAF 20.1, REXX Language Xtensions (RLX) 20.1, TASKLIB+ 20.1.
| Product Name | RAI base 20.1, Smart/RESTART 20.1 , Smart/RRSAF 20.1 , REXX Language Xtensions (RLX) 20.1, TASKLIB+ 20.1 |
| Affected component(s) | FMID:CRAIK10 |
| Version PE was Introduced | FMID in Error: CRAIK10 Published Date: 08-22-2022 |
| Severity | HIGH |
| CVE | None |
| CVSS Score |
Base:8.8 Temporal:7.7 Base:7.8 Temporal:3.5 Base:6.5 Temporal:3.5 |
| CVSS Vector |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/ |
| CVSS Description | This vulnerability requires local access to the vulnerable system. Exploitation of this vulnerability will have repeatable results and success. There are no specialized access conditions or extenuating circumstances to make the exploitation complex. This vulnerability requires the attacker to have basic privileges on the system. Exploitation of the vulnerability does not require any user interaction. An escalation of privilege may be possible with this vulnerability. There is a total loss of confidentiality, integrity, availability. No exploit code is available, or an exploit is completely theoretical. |
| Solution | LU20903 |
| Platform(s) | z/OS |
Broadcom customers may receive alerts and advisories by subscribing to Proactive Notifications.
If you missed any Mainframe Security Advisory alerts, you can find all under Mainframe Security Advisories on the customer support portal.
To download a .CSV or .JSON file that contains a consolidated list of security advisories affecting Broadcom mainframe products, click here for download instructions. You can use this file to easily search the CVE information.
Broadcom SECINT HOLDDATA is incorporated into our standard HOLDDATA file downloads. Therefore, it is not necessary to download any additional HOLDDATA files. Broadcom recommends that you use SMP/E Receive Order to acquire HOLDDATA and maintenance.
Customers who require additional information about this notice may contact Broadcom Support at: Support.Broadcom.com.
According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." For an explanation of the CVSS scoring system and a description of each metric, please visit https://www.first.org/cvss/v3.
BROADCOM PROVIDES THE CVSS BASE AND TEMPORAL SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY IN THEIR SPECIFIC ENVIRONMENT. BROADCOM DOES NOT PROVIDE A CVSS ENVIRONMENT SCORE. THE CVSS ENVIRONMENT SCORE IS CUSTOMER ENVIRONMENT SPECIFIC AND WILL IMPACT THE OVERALL CVSS SCORE. CUSTOMERS SHOULD EVALUATE THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY AND CAN CALCULATE A CVSS ENVIRONMENT SCORE.
The CVSS score and all other information describing the security matter is Broadcom confidential and may be used by you for internal purposes only and may not be disclosed to any third party without Broadcom's prior written consent.
 |
|