SB2023051621 - Multiple vulnerabilities in IBM Edge Application Manager

Published: May 16, 2023

Security Bulletin ID SB2023051621
Severity
Medium
Patch available
YES
Number of vulnerabilities 10
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 50% Low 50%

Description

This security bulletin contains information about 10 security vulnerabilities. All of them affect open-source components shipped with IBM Edge Application Manager: etcd (items 1 to 3 and 5 to 7), golang.org/x/text (item 4), jwt-go (item 8) and the Go standard library or golang.org/x/sys (items 9 and 10).


1) Cross-site request forgery (CVE-ID: CVE-2018-1098)

The vulnerability allows a remote unauthenticated attacker to conduct a cross-site request forgery attack and act with the privileges of the target user.

The weakness exists in etcd 3.3.1 and earlier, which accepts state-changing HTTP POST requests without validating their origin. A remote attacker can trick the victim into visiting a specially crafted website that makes the victim's browser send POST requests to the etcd server, for example to modify a key, with whatever access the victim's browser session has.

2) Improper input validation (CVE-ID: CVE-2018-1099)

The vulnerability allows a remote unauthenticated attacker to bypass security restrictions and reach an etcd instance that is not exposed to the attacker directly.

The weakness is a DNS rebinding issue in etcd 3.3.1 and earlier: the server does not validate the Host header of incoming requests. An attacker who controls a DNS name can first point it at a malicious website and, once the victim's browser has loaded the page, re-point the same name at localhost or another internal address. Subsequent requests from the page then reach the etcd server listening there, letting the attacker read or modify data through the victim's browser.
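Items 1 and 2 are both browser-borne attacks on an unauthenticated HTTP API, and they share one server-side mitigation: reject any request whose Host header is not one of the server's own names (this defeats rebinding, because the browser keeps sending the attacker's hostname in Host after the DNS change), and reject state-changing requests whose Origin header names another site (this defeats CSRF). The Go code below is an added example written for this bulletin, not etcd's code; the allowlist contents, the `checkBrowserRequest` and `withBrowserChecks` names and the sample requests are constructed for illustration. etcd itself exposes the first check as its `--host-whitelist` option.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/url"
)

// allowedHosts lists the Host header values this server answers to.
// Constructed for this example; a real deployment takes these from configuration.
var allowedHosts = map[string]bool{
	"etcd.internal:2379": true,
	"127.0.0.1:2379":     true,
}

var (
	errUntrustedHost = errors.New("Host header not in allowlist (possible DNS rebinding)")
	errCrossOrigin   = errors.New("Origin does not match Host (possible CSRF)")
)

// checkBrowserRequest applies both checks. The Host check runs for every
// request: after the attacker re-points their DNS name at this server, the
// victim's browser still sends the attacker's name in Host, which is not in
// the allowlist. The Origin check runs only for state-changing methods: when a
// browser supplies Origin, it must be the server itself. Requests without an
// Origin header (etcdctl, curl) are allowed through; see the note below.
func checkBrowserRequest(method, host, origin string) error {
	if !allowedHosts[host] {
		return errUntrustedHost
	}
	switch method {
	case http.MethodGet, http.MethodHead, http.MethodOptions:
		return nil
	}
	if origin == "" {
		return nil
	}
	u, err := url.Parse(origin)
	if err != nil || u.Host != host {
		return errCrossOrigin
	}
	return nil
}

// withBrowserChecks wraps a handler so the checks run before any key is touched.
func withBrowserChecks(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if err := checkBrowserRequest(r.Method, r.Host, r.Header.Get("Origin")); err != nil {
			http.Error(w, err.Error(), http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	// Constructed requests: a legitimate CLI write, a rebinding probe whose
	// Host is the attacker's domain, and a cross-site POST from a lure page.
	cases := []struct{ method, host, origin string }{
		{"PUT", "etcd.internal:2379", ""},
		{"GET", "attacker.example:2379", ""},
		{"POST", "etcd.internal:2379", "http://attacker.example"},
	}
	for _, c := range cases {
		fmt.Printf("%-4s Host=%-22s Origin=%-24q -> %v\n",
			c.method, c.host, c.origin, checkBrowserRequest(c.method, c.host, c.origin))
	}
	// Mount in front of the key API; http.ListenAndServe is omitted here.
	http.Handle("/v2/keys/", withBrowserChecks(http.NotFoundHandler()))
}
```

Allowing requests without an Origin header keeps non-browser clients working, but it means the CSRF half of the check relies on browsers always sending Origin on cross-site POSTs, which current browsers do. Where the API is only ever called by scripts, requiring a custom header or an authentication token on every write is the stronger choice.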

3) Improper Authentication (CVE-ID: CVE-2018-16886)

The vulnerability allows a remote user to bypass the authentication process.

The vulnerability exists in etcd 3.2.x before 3.2.26 and 3.3.x before 3.3.11 due to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client TLS certificate contains a Common Name (CN) that matches a valid RBAC username, a remote user can authenticate as that user with any valid (trusted) client certificate in a REST API request to the gRPC-gateway.


4) Infinite loop (CVE-ID: CVE-2020-14040)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that can cause the UTF-16 decoder to enter an infinite loop, making the program hang or run out of memory. An attacker can provide a single byte to a UTF-16 decoder instantiated with UseBOM or ExpectBOM to trigger the infinite loop if the String function on the Decoder is called, or if the Decoder is passed to golang.org/x/text/transform.String.


5) Resource management error (CVE-ID: CVE-2020-15106)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists in etcd before 3.3.23 and 3.4.10 due to improper management of internal resources within the application: a large slice causes a panic in the decodeRecord method. The size of a record is stored in the length field of a WAL file and is not validated, so an attacker can forge an extremely large frame size that panics any Raft participant trying to decode the WAL.


6) Resource management error (CVE-ID: CVE-2020-15112)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists in etcd before 3.3.23 and 3.4.10 due to improper management of internal resources within the application: an entry index can be greater than the number of entries in the ReadAll method in wal/wal.go. When WAL entries are read during consensus, an arbitrary etcd consensus participant can go down from a runtime panic while reading such an entry.


7) Improper Preservation of Permissions (CVE-ID: CVE-2020-15113)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists in etcd before 3.3.23 and 3.4.10 because the software does not verify the permissions of certain directory paths when they already exist (the etcd data directory and the directory provided for automatically generated self-signed certificates used for TLS connections with clients). These directories are created with restricted permissions (700) using os.MkdirAll, which performs no permission check when the path already exists. A local user who pre-creates one of these directories with wider permissions can then read the sensitive data etcd writes into it.
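The failure mode in item 7 is easy to reproduce: os.MkdirAll returns nil for an existing directory and never touches its mode, so a 0755 directory planted by a local user stays 0755 no matter what permission the caller passed. The code below is an added example, not etcd's source; it shows the bare MkdirAll pattern next to a hardened version that refuses a pre-existing directory with the wrong permission bits, which is the approach etcd's fix took. The `ensurePrivateDir` and `checkDirPermission` names and the temp-directory scenario are constructed for illustration.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

const privateDirPerm os.FileMode = 0o700

// checkDirPermission returns an error when dir is missing, is not a directory,
// or carries permission bits other than perm.
func checkDirPermission(dir string, perm os.FileMode) error {
	info, err := os.Stat(dir)
	if err != nil {
		return err
	}
	if !info.IsDir() {
		return fmt.Errorf("%s exists but is not a directory", dir)
	}
	if got := info.Mode().Perm(); got != perm {
		return fmt.Errorf("%s exists with permission %04o, want %04o", dir, got, perm)
	}
	return nil
}

// ensurePrivateDir creates dir as 0700 when it does not exist and refuses to
// use a pre-existing directory whose permissions are wider. os.MkdirAll alone
// only does the first half, which is the behaviour behind CVE-2020-15113.
func ensurePrivateDir(dir string) error {
	if _, err := os.Stat(dir); os.IsNotExist(err) {
		if err := os.MkdirAll(dir, privateDirPerm); err != nil {
			return err
		}
		// MkdirAll applies the process umask; force the mode we actually want.
		if err := os.Chmod(dir, privateDirPerm); err != nil {
			return err
		}
	}
	return checkDirPermission(dir, privateDirPerm)
}

func main() {
	base, err := os.MkdirTemp("", "etcd-perm-demo")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(base)

	// Constructed scenario: a local user pre-created the data directory as 0755.
	data := filepath.Join(base, "member")
	if err := os.Mkdir(data, 0o755); err != nil {
		panic(err)
	}

	// Vulnerable pattern: MkdirAll succeeds and the directory stays world-readable.
	_ = os.MkdirAll(data, privateDirPerm)
	info, _ := os.Stat(data)
	fmt.Printf("after MkdirAll(0700) on existing dir: %04o\n", info.Mode().Perm())

	// Hardened pattern: the planted directory is refused, a fresh one is created 0700.
	fmt.Println("ensurePrivateDir(existing 0755):", ensurePrivateDir(data))
	fmt.Println("ensurePrivateDir(fresh):", ensurePrivateDir(filepath.Join(base, "fresh")))
}
```

Refusing rather than silently chmod-ing is the conservative choice: the directory may already contain an attacker's symlinks or files, and tightening the mode after the fact does not undo whatever was read while it was open.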


8) Improper Authentication (CVE-ID: CVE-2020-26160)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists in jwt-go before 4.0.0-preview1 due to improper handling of the "aud" claim read from m["aud"]. The JWT specification allows "aud" to be an array of strings, but the library performs a single type assertion to string; for an array value ([]string{}) the assertion fails and "aud" is treated as an empty string. A remote attacker can present a token issued for a different audience to a service that relies on the library's audience check and bypass that check.
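To make item 8 concrete, the code below reconstructs the shape of the audience check in a few lines of Go and places it beside a corrected version that handles every encoding the specification allows. This is an added example written for this bulletin, not jwt-go's source: the `Claims` type, the `vulnerableVerifyAudience`, `audienceList` and `fixedVerifyAudience` names and the sample token payload are constructed for illustration. The scenario is a token minted for a "billing" service and replayed against an "admin" service that calls the audience check with required == false, meaning "if an audience is present it must be mine".

```go
package main

import (
	"crypto/subtle"
	"encoding/json"
	"fmt"
)

// Claims is a decoded JWT payload in the shape jwt-go's MapClaims holds it:
// after JSON decoding, strings stay strings and JSON arrays become []interface{}.
type Claims map[string]interface{}

func parseClaims(payload string) Claims {
	var c Claims
	if err := json.Unmarshal([]byte(payload), &c); err != nil {
		panic(err)
	}
	return c
}

// vulnerableVerifyAudience reconstructs the pre-fix logic described in the
// bulletin: one type assertion to string, so an array-valued "aud" silently
// becomes "" and, when the audience is not marked required, the check passes.
func vulnerableVerifyAudience(m Claims, expected string, required bool) bool {
	aud, _ := m["aud"].(string)
	if aud == "" {
		return !required
	}
	return subtle.ConstantTimeCompare([]byte(aud), []byte(expected)) == 1
}

// audienceList accepts the encodings RFC 7519 allows for "aud" (a string or
// an array of strings) and reports anything else as malformed instead of
// collapsing it to "".
func audienceList(v interface{}) ([]string, bool) {
	switch a := v.(type) {
	case nil:
		return nil, true
	case string:
		return []string{a}, true
	case []string:
		return a, true
	case []interface{}:
		out := make([]string, 0, len(a))
		for _, e := range a {
			s, ok := e.(string)
			if !ok {
				return nil, false
			}
			out = append(out, s)
		}
		return out, true
	}
	return nil, false
}

// fixedVerifyAudience: a malformed "aud" is a hard failure, an absent "aud" is
// governed by required, and otherwise expected must appear in the list.
func fixedVerifyAudience(m Claims, expected string, required bool) bool {
	auds, ok := audienceList(m["aud"])
	if !ok {
		return false
	}
	if len(auds) == 0 {
		return !required
	}
	for _, a := range auds {
		if subtle.ConstantTimeCompare([]byte(a), []byte(expected)) == 1 {
			return true
		}
	}
	return false
}

func main() {
	// Constructed payload: issued for "billing", replayed against "admin".
	tok := parseClaims(`{"sub":"alice","aud":["billing"],"exp":4102444800}`)
	fmt.Println("vulnerable check, admin service:", vulnerableVerifyAudience(tok, "admin", false)) // true: bypass
	fmt.Println("fixed check, admin service:     ", fixedVerifyAudience(tok, "admin", false))      // false
	fmt.Println("fixed check, billing service:   ", fixedVerifyAudience(tok, "billing", false))    // true
}
```

The bypass only bites when the relying service treats the audience as optional; with required == true the vulnerable version rejects the token, since "" fails the required check. That is why the advisory frames the issue as a problem for services that lack their own audience check.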


9) Input validation error (CVE-ID: CVE-2021-44716)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists in net/http in Go before 1.16.12 and 1.17.x before 1.17.5 due to uncontrolled memory consumption in the HTTP/2 header canonicalization cache. A remote attacker can send specially crafted HTTP/2 requests to the application and exhaust its memory, causing a denial of service (DoS).


10) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-29526)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists in Go before 1.17.10 and 1.18.x before 1.18.2, and in the golang.org/x/sys/unix package before the corresponding fix, because the Faccessat function can incorrectly report that a file is accessible when called with a non-zero flags parameter. An application that relies on this result to make an authorization decision can be made to grant access it should have denied.


Remediation

Install the update from the vendor's website.