SB2022091223 - Multiple vulnerabilities in IBM Security Risk Manager on CP4S

Description

This security bulletin contains information about 9 secuirty vulnerabilities.

1) Improper input validation (CVE-ID: CVE-2020-5421)

The vulnerability allows a remote authenticated user to read and manipulate data.

The vulnerability exists due to improper input validation within the Core (Spring Framework) component in Oracle Communications Session Report Manager. A remote authenticated user can exploit this vulnerability to read and manipulate data.

2) Infinite loop (CVE-ID: CVE-2021-27807)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop when processing PDF files. A remote attacker can consume all available system resources and cause denial of service conditions.

3) Resource exhaustion (CVE-ID: CVE-2021-27906)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources when processing PDF files. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

4) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-22118)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in the WebFlux application, which leads to security restrictions bypass and privilege escalation.

5) Cleartext storage of sensitive information (CVE-ID: CVE-2021-38911)

The vulnerability allows an authenticated privileged user to gain access to sensitive information.

The vulnerability exists due to IBM Security Risk Manager stores user credentials in plain clear text. An authenticated privileged user can trigger the vulnerability and gain access to sensitive information.

6) Incorrect default permissions (CVE-ID: CVE-2020-8908)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect default permissions for files located in the temporary directory set by the Guava com.google.common.io.Files.createTempDir(). A local user with access to the system can view contents of files and directories or modify them.

7) Insecure Temporary File (CVE-ID: CVE-2020-15250)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to the application is using the test rule TemporaryFolder that stores sensitive information in temporary files in the system temporary directory, accessible by other system users. A local user can read temporary files and obtain sensitive information, related to the application.

8) Resource exhaustion (CVE-ID: CVE-2021-31811)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources when processing PDF files. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

9) Infinite loop (CVE-ID: CVE-2021-31812)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop when processing PDF files. A remote attacker can consume all available system resources and cause denial of service conditions.

Remediation

Install update from vendor's website.

References

• https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-risk-manager-on-cp4s-is-affected-by-multiple-vulnerabilities/"
• https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-risk-manager-on-cp4s-is-affected-by-multiple-vulnerabilities/</a><br>
• https://www.ibm.com/support/pages/node/6505281<br><br></p>