SB2023090611 - Multiple vulnerabilities in IBM Intelligent Operations Center (IOC) 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023090611

SB2023090611 - Multiple vulnerabilities in IBM Intelligent Operations Center (IOC)

Published: September 6, 2023

Security Bulletin ID SB2023090611
Severity
Low
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Infinite loop (CVE-ID: CVE-2018-11797)

The vulnerability vulnerability allows an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a target system.

The vulnerability exists in the Apache PDFBox parser due to improper processing of PDF files when parsing the page tree. A remote attacker can trick the victim into opening a PDF file that submits malicious input to the targeted system, trigger an infinite loop condition, which could lead to an out-of-memory exception and result in a DoS condition.


2) Input validation error (CVE-ID: CVE-2016-2175)

The vulnerability allows a local authenticated user to execute arbitrary code.

Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted PDF. <a href="http://cwe.mitre.org/data/definitions/611.html">CWE-611: Improper Restriction of XML External Entity Reference ('XXE')</a>


Remediation

Install update from vendor's website.

References