SB2022090137 - Multiple vulnerabilities in IBM Cloud Transformation Advisor

Description

This security bulletin contains information about 6 secuirty vulnerabilities.

1) Improper input validation (CVE-ID: CVE-2021-22931)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The vulnerability exists due to improper input validation within the Cluster: General (Node.js) component in MySQL Cluster. A remote non-authenticated attacker can exploit this vulnerability to execute arbitrary code.

2) Improper Certificate Validation (CVE-ID: CVE-2021-22939)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to incomplete validation of rejectUnauthorized parameter. A remote attacker can cause the connections to servers with an expired certificate would have been accepted.

3) Out-of-bounds read (CVE-ID: CVE-2021-22918)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in uv__idna_toascii() function in libuv, which is used to convert strings to ASCII. A remote attacker can force the application to resolve a specially crafted hostname, trigger an out-of-bounds read error and gain access to sensitive information or perform a denial of service (DoS) attack.

4) Incorrect default permissions (CVE-ID: CVE-2021-22921)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists in Windows installer due to incorrect default permissions for files and folders that are set by the application. A local user with access to the system can view contents of files and directories or modify them.

5) Use-after-free (CVE-ID: CVE-2021-22940)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error. A remote attacker can change process behavior.

6) Use-after-free (CVE-ID: CVE-2021-22930)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing HTTP/2 stream canceling requests. A remote attacker can send a specially crafted HTTP/2 request, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Remediation

Install update from vendor's website.

References

• https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-multiple-node-js-vulnerabilities-6/"
• https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-multiple-node-js-vulnerabilities-6/</a><br><a
• https://www.ibm.com/support/pages/node/6493863"
• https://www.ibm.com/support/pages/node/6493863</a><br><br><br></p>