SB2018110715 - Multiple vulnerabilities in IBM Cognos Analytics
Published: November 7, 2018
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 14 secuirty vulnerabilities.
1) Security restrictions bypass (CVE-ID: CVE-2018-1842)
The vulnerability allows a local attacker to bypass security restrictions on the target system.
The vulnerability exists due to unspecified flaw. A local unauthenticated attacker can bypass OIDC namespace signature verification on the id_token.
2) Deserialization of untrusted data (CVE-ID: CVE-2017-7525)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to a deserialization flaw in the jackson-databind component. A remote attacker can send a specially crafted input to the readValue method of the ObjectMapper and execute arbitrary code with privileges of the target service.
Successful exploitation of the vulnerability may result in system compromise.
3) Remote code execution (CVE-ID: CVE-2017-15095)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists in the jackson-databind development library due to improper implementation of blacklists for input handled by the ObjectMapper object readValue method. A remote unauthenticated attacker can send a malicious input and execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
4) Data handling (CVE-ID: CVE-2017-12624)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists due to data handling. A remote attacker can send specially crafted message attachment header and cause the service to crash.
5) Use of cryptographically weak PRNG (CVE-ID: CVE-2018-1426)
The vulnerability allows a remote unauthenticated attacker to obtain potentially sensitive information and write arbitrary files on the target system.The weakness exists due to IBM GSKit duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded which can result in duplicate Session IDs and a risk of duplicate key material. A remote attacker can gain access to potentially sensitive information and write arbitrary files.
6) Integer overflow (CVE-ID: CVE-2018-1427)
The vulnerability allows a local unauthenticated attacker to cause DoS condition on the target system.The weakness exists due to IBM GSKit contains several environment variables. A local attacker can cause the service to crash.
7) Use of a broken or risky cryptographic algorithm (CVE-ID: CVE-2018-1428)
The vulnerability allows a local unauthenticated attacker to obtain potentially sensitive information on the target system.The weakness exists due to IBM GSKit uses weaker than expected cryptographic algorithms. A local attacker can gain access to potentially sensitive information.
8) Weak passwords requirements (CVE-ID: CVE-2018-1447)
The vulnerability allows a local unauthenticated attacker to obtain potentially sensitive information on the target system.The weakness exists due to the GSKit CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of passwords. A weak password may be recovered. A local attacker can gain access to potentially sensitive information.
9) Resource exhaustion (CVE-ID: CVE-2018-0739)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists due to excessive stack memory consumption. A remote attacker can cause the service to crash.
10) Information disclosure (CVE-ID: CVE-2017-3732)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to propagating error in the x86_64 Montgomery squaring procedure. A remote attacker with access to unpatched vulnerable system that uses a shared private key with Diffie-Hellman (DH) parameters set can gain unauthorized access to sensitive private key information.
According to vendor’s advisory, this vulnerability is unlikely to be exploited in real-world attacks, as it requires significant resources and online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients.
Vulnerability exploitation against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely.
11) Double free error (CVE-ID: CVE-2016-0705)
The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.The weakness exists due to double-free error when parsing DSA private keys. A remote attacker can trigger memory corruption and cause the service to crash.
12) Improper input validation (CVE-ID: CVE-2017-3737)
The vulnerability allows a remote attacker to gain access to potentially sensitive information on the target system.The weakness exists due to an "error state mechanism" when SSL_read() or SSL_write() is called directly after SSL object. A remote attacker can a specially crafted input, trigger a fatal error during a handshake and return it in the initial function call to access or modify sensitive information.
13) Carry propagation issue (CVE-ID: CVE-2017-3736)
The vulnerability allows a remote attacker to decrypt data.The vulnerability exists due to carry propagating bug in the x86_64 Montgomery squaring procedure (bn_sqrx8x_internal). A remote attacker can decrypt encrypted data. The vulnerability affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen.
14) Out-of-bounds read (CVE-ID: CVE-2017-3735)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to one-byte out-of-bounds read when parsing an IPAddressFamily extension in an X.509 certificate. A remote attacker can disguise text display of the certificate.
Remediation
Install update from vendor's website.