SB2023091331 - Multiple vulnerabilities in IBM Robotic Process Automation for Cloud Pak 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023091331

SB2023091331 - Multiple vulnerabilities in IBM Robotic Process Automation for Cloud Pak

Published: September 13, 2023

Security Bulletin ID SB2023091331
Severity
High
Patch available
YES
Number of vulnerabilities 10
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 20% Medium 50% Low 30%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 10 secuirty vulnerabilities.


1) Type conversion (CVE-ID: CVE-2020-10735)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a type confusion in algorithms with quadratic time complexity when using non-binary bases within the int() call. A remote attacker can pass specially crafted data to the affected application and perform a denial of service (DoS) attack.


2) Resource exhaustion (CVE-ID: CVE-2022-45061)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to usage of an unnecessary quadratic algorithm in one path when processing some inputs to the IDNA (RFC 3490) decoder. A remote attacker can pass a specially crafted name to he decoder, trigger resource excessive CPU consumption and perform a denial of service (DoS) attack.


3) Out-of-bounds write (CVE-ID: CVE-2022-3627)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing TIFF images within the _TIFFmemcpy() function in libtiff/tif_unix.c. A remote attacker can pass a specially crafted TIFF file to the application, trigger an out-of-bounds write and execute arbitrary code on the target system.


4) Integer overflow (CVE-ID: CVE-2022-3970)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow within the TIFFReadRGBATileExt() function in libtiff/tif_getimage.c. A remote attacker can trick the victim to open a specially crafted TIFF file, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


5) Input validation error (CVE-ID: CVE-2022-35252)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the way curl handles cookies with control codes (byte values below 32). When cookies that contain such control codes are later sent back to an HTTP(S) server, it might make the server return a 400 response, effectively allowing a "sister site" to deny service to siblings.


6) Use-after-free (CVE-ID: CVE-2022-43552)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error while processing denied requests from HTTP proxies when using SMB or TELNET protocols. A remote attacker can trigger a use-after-free error and crash the application.



7) State Issues (CVE-ID: CVE-2023-27535)

The vulnerability allows a remote attacker to gain unauthorized access to FTP server.

The vulnerability exists due to cURL will reuse a previously created FTP connection even when one or more options had been changed that could have made the effective user a very different one. A remote attacker can connect to the FTP server using credentials supplied by another user and gain access to otherwise restricted functionality.

The settings in questions are CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC and CURLOPT_USE_SSL level.


8) NULL pointer dereference (CVE-ID: CVE-2022-36227)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in libarchive. A remote attacker can pass a specially crafted archive to the application and perform a denial of service (DoS) attack.


9) Inadequate Encryption Strength (CVE-ID: CVE-2023-0361)

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to an error in the TLS RSA key exchange. A remote attacker can perform Bleichenbacher oracle attack and decrypt information.


10) Resource exhaustion (CVE-ID: CVE-2023-2828)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can cause the amount of memory used by a named resolver to go well beyond the configured max-cache-size limit. The effectiveness of the attack depends on a number of factors (e.g. query load, query patterns), but since the default value of the max-cache-size statement is 90%, in the worst case the attacker can exhaust all available memory on the host running named, leading to a denial-of-service condition.


Remediation

Install update from vendor's website.

References