SB2018072004 - Multiple vulnerabilities in IBM Cognos Business Intelligence Server

Security Bulletin ID SB2018072004

Severity

High

Patch available

YES

Number of vulnerabilities 28

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 28 secuirty vulnerabilities.

1) Out-of-bounds read (CVE-ID: CVE-2017-3735)

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to one-byte out-of-bounds read when parsing an IPAddressFamily extension in an X.509 certificate. A remote attacker can disguise text display of the certificate.

2) Carry propagation issue (CVE-ID: CVE-2017-3736)

The vulnerability allows a remote attacker to decrypt data.

The vulnerability exists due to carry propagating bug in the x86_64 Montgomery squaring procedure (bn_sqrx8x_internal). A remote attacker can decrypt encrypted data. The vulnerability affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen.

3) Improper input validation (CVE-ID: CVE-2017-3737)

The vulnerability allows a remote attacker to gain access to potentially sensitive information on the target system.

The weakness exists due to an "error state mechanism" when SSL_read() or SSL_write() is called directly after SSL object. A remote attacker can a specially crafted input, trigger a fatal error during a handshake and return it in the initial function call to access or modify sensitive information.

4) Resource exhaustion (CVE-ID: CVE-2018-0739)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to excessive stack memory consumption. A remote attacker can cause the service to crash.

5) Deserialization of untrusted data (CVE-ID: CVE-2017-7525)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a deserialization flaw in the jackson-databind component. A remote attacker can send a specially crafted input to the readValue method of the ObjectMapper and execute arbitrary code with privileges of the target service.

Successful exploitation of the vulnerability may result in system compromise.

6) Data handling (CVE-ID: CVE-2017-12624)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to data handling. A remote attacker can send specially crafted message attachment header and cause the service to crash.

7) Remote code execution (CVE-ID: CVE-2017-15095)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists in the jackson-databind development library due to improper implementation of blacklists for input handled by the ObjectMapper object readValue method. A remote unauthenticated attacker can send a malicious input and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

8) Cross-site scripting (CVE-ID: CVE-2018-1413)

The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The weakness exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

9) Information disclosure (CVE-ID: CVE-2018-2579)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to a flaw in the Java SE, Java SE Embedded, JRockit Libraries component. A remote attacker can partially access data.

10) Information disclosure (CVE-ID: CVE-2018-2588)

The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information on the target system.

The weakness exists due to a flaw in the Java SE, Java SE Embedded, JRockit LDAP component. A remote attacker can partially access data.

11) Denial of service (CVE-ID: CVE-2018-2663)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to a flaw in the Java SE, Java SE Embedded, JRockit Libraries component. A remote attacker can cause partial denial of service conditions.

12) Denial of service (CVE-ID: CVE-2018-2677)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to a flaw in the Java SE, Java SE Embedded AWT component. A remote attacker can cause partial denial of service conditions.

13) Denial of service (CVE-ID: CVE-2018-2678)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to a flaw in the Java SE, Java SE Embedded, JRockit JNDI component. A remote attacker can cause partial denial of service conditions.

14) Security restrictions bypass (CVE-ID: CVE-2018-2599)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to a flaw in the Java SE, Java SE Embedded, JRockit JNDI component. A remote attacker can partially modify data and cause partial denial of service conditions.

15) Security restrictions bypass (CVE-ID: CVE-2018-2603)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to a flaw in the Java SE, Java SE Embedded, JRockit Libraries component. A remote attacker can cause partial denial of service conditions.

16) Denial of service (CVE-ID: CVE-2018-2657)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to a flaw in the Java SE, JRockit Serialization component. A remote attacker can cause partial denial of service conditions.

17) Information disclosure (CVE-ID: CVE-2018-2618)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to a flaw in the Java SE, Java SE Embedded, JRockit JCE component. A remote attacker can access data.

18) Information disclosure (CVE-ID: CVE-2018-2634)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to a flaw in the Java SE, Java SE Embedded JGSS component. A remote attacker can access data.

19) Security restrictions bypass (CVE-ID: CVE-2018-2637)

The vulnerability allows a local attacker to bypass security restrictions on the target system.

The weakness exists due to a flaw in the Java SE, Java SE Embedded, JRockit JMX component. A remote attacker can access and modify data.

20) Security restrictions bypass (CVE-ID: CVE-2018-2800)

The vulnerability allows a remote unauthenticated attacker to obtain potentially sensitive information and write arbitrary files on the target system.

The weakness exists in the Java SE, JRockit component of Oracle Java SE due to improper security restrictions. A remote attacker can trick the victim into opening a specially crafted file, update, insert or delete some of Java SE, JRockit accessible data and gain unauthorized read access to a subset of Java SE, JRockit accessible data.

21) Security restrictions bypass (CVE-ID: CVE-2018-2795)