SB2023092124 - Multiple vulnerabilities in IBM Cloud Pak for Security (CP4S)
Published: September 21, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 61 secuirty vulnerabilities.
1) Observable discrepancy (CVE-ID: CVE-2021-29445)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption always execute both HMAC tag verification and CBC decryption, if either failed `JWEDecryptionFailed` would be thrown. A remote attacker can gain unauthorized access to sensitive information on the system.
2) Observable discrepancy (CVE-ID: CVE-2021-33560)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to observable discrepancy. A remote attacker can gain unauthorized access to sensitive information on the system.
3) Prototype pollution (CVE-ID: CVE-2022-37616)
The vulnerability allows a remote attacker to execute arbitrary JavaScript code.
The vulnerability exists in the function copy in dom.js in the xmldom package for Node.js via the p variable. A remote attacker can pass specially crafted input to the application and perform prototype pollution, which can result in information disclosure or data manipulation.
4) UNIX symbolic link following (CVE-ID: CVE-2021-28153)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a symlink following issue, when g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION. A local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application.
Successful exploitation of this vulnerability may result in privilege escalation.
5) Information disclosure (CVE-ID: CVE-2021-3800)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote attacker can trick the victim into opening a specially crafted file to gain unauthorized access to sensitive information on the system.
6) Improper input validation (CVE-ID: CVE-2021-3572)
The vulnerability allows a remote authenticated user to manipulate data.
The vulnerability exists due to improper input validation within the Policy (python-pip) component in Oracle Communications Cloud Native Core Policy. A remote authenticated user can exploit this vulnerability to manipulate data.
7) Path traversal (CVE-ID: CVE-2021-42771)
The vulnerability allows a remote attacker to user compromise the affected system.
The vulnerability exists due to input validation error when processing directory traversal sequences within the locale .dat files in Babel.Locale. A remote user can load a malicious .dat file containing serialized Python objects and execute arbitrary code on the system.
8) Out-of-bounds read (CVE-ID: CVE-2019-20838)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and X or R has more than one fixed quantifier, a related issue to CVE-2019-20454.
9) Integer overflow (CVE-ID: CVE-2020-14155)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow. A remote attacker can pass a large number after a (?C substring, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
10) Incorrect Regular Expression (CVE-ID: CVE-2020-28493)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect subpattern applied to untrusted input. A remote attacker can pass specially crafted data to the application and perform a regular expression DoS (ReDOS) attack.
11) Improper input validation (CVE-ID: CVE-2021-3200)
The vulnerability allows a local non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the Signaling (libsolv) component in Oracle Communications Cloud Native Core Policy. A local non-authenticated attacker can exploit this vulnerability to perform service disruption.
12) Resource exhaustion (CVE-ID: CVE-2021-25219)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to BIND does not properly control consumption of internal resources when processing lame cache. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
13) Resource exhaustion (CVE-ID: CVE-2020-36049)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
14) Observable discrepancy (CVE-ID: CVE-2021-29446)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption always execute both HMAC tag verification and CBC decryption, if either failed `JWEDecryptionFailed` would be thrown. A remote attacker can gain unauthorized access to sensitive information on the system.
15) Observable discrepancy (CVE-ID: CVE-2021-29444)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption always execute both HMAC tag verification and CBC decryption, if either failed `JWEDecryptionFailed` would be thrown. A remote attacker can gain unauthorized access to sensitive information on the system.
16) Insufficient verification of data authenticity (CVE-ID: CVE-2021-4122)
The vulnerability allows a local attacker to escalate privileges on the system.The vulnerability exists due to improper handling of the LUKS2 reencryption recover. A local attacker with physical access to the medium can send a specially crafted LUKS header and trick cryptsetup into disabling encryption during the recovery of the device.
17) Infinite loop (CVE-ID: CVE-2022-0778)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the BN_mod_sqrt() function when processing an ASN.1 certificate that contains elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. A remote attacker can supply a specially crafted certificate to the TLS server or client, consume all available system resources and cause denial of service conditions.
18) NULL pointer dereference (CVE-ID: CVE-2021-23841)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the X509_issuer_and_serial_hash() function when parsing the issuer field in the X509 certificate. A remote attacker can supply a specially crafted certificate, trigger a NULL pointer dereference error and perform a denial of service (DoS) attack.
19) Input validation error (CVE-ID: CVE-2021-23840)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input during EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate calls. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
20) Out-of-bounds read (CVE-ID: CVE-2021-3712)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing ASN.1 strings related to a confusion with NULL termination of strings in array. A remote attacker can pass specially crafted data to the application to trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service (DoS) attack.
21) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2021-3445)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient verification of cryptographic signature in libdnf. A remote attacker can create a specially crafted RPM package with altered header information, trick the victim into installing it and compromise the affected system.
22) Integer underflow (CVE-ID: CVE-2020-24370)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31).
23) NULL pointer dereference (CVE-ID: CVE-2020-16135)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in tftpserver.c if ssh_buffer_new returns NULL. A remote attacker can perform a denial of service (DoS) attack.
24) Buffer overflow (CVE-ID: CVE-2021-3634)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when handling shared secrets. A remote attacker can supply a shared secret of a different size, trigger a memory corruption during the second key re-exchange and crash the application or potentially execute arbitrary code.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
25) Cross-site request forgery (CVE-ID: CVE-2021-32677)
The vulnerability allows a remote attacker to perform cross-site request forgery attacks.
The vulnerability exists due to insufficient validation of the HTTP request origin. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website, such as act as a mitigating workaround.
26) Code Injection (CVE-ID: CVE-2022-25893)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to usage of prototype lookup for the WeakMap.prototype.set method. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.
27) Improper access control (CVE-ID: CVE-2022-36067)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to improper access restrictions. A remote attacker can bypass the sandbox protections and execute arbitrary code on the host running the sandbox.
28) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2021-3521)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to an error in RPM's signature functionality, as RPM does not check the binding signature of subkeys before importing them. A remote attacker with ability to add malicious subkey to a legitimate public key can run malicious code on the system.
29) Out-of-bounds read (CVE-ID: CVE-2021-20266)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the hdrblobInit() function in lib/header.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
30) NULL pointer dereference (CVE-ID: CVE-2020-13950)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in mod_proxy_http. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
31) Use of a broken or risky cryptographic algorithm (CVE-ID: CVE-2021-40528)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to use of a broken or risky cryptographic algorithm in the ElGamal implementation. A remote attacker can gain unauthorized access to sensitive information on the system.
32) Out-of-bounds write (CVE-ID: CVE-2020-12762)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in the "printbuf_memappend". A remote attacker can create a specially crafted JSON file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
33) Cross-site scripting (CVE-ID: CVE-2022-24891)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in org.owasp.esapi:esapi. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
34) Integer overflow (CVE-ID: CVE-2022-29824)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*). A remote attacker can pass specially crafted multi-gigabyte XML file to the application, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
35) Use-after-free (CVE-ID: CVE-2022-23308)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing ID and IDREF attributes in valid.c. A remote attacker can pass specially crafted XML input to the application, trigger a use-after-free error and crash the application or execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
36) Out-of-bounds read (CVE-ID: CVE-2021-36087)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the ebitmap_match_any() function within the CIL compiler in SELinux. A local user can trigger an out-of-bounds read error and perform denial of service attack.
37) Use-after-free (CVE-ID: CVE-2021-36086)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the cil_reset_classpermission() function in CIL compiler in SELinux. A local user can perform a denial of service (DoS) attack.38) Use-after-free (CVE-ID: CVE-2021-36085)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the __cil_verify_classperms() function in CIL compiler in SELinux. A local user can perform a denial of service (DoS) attack.39) Use-after-free (CVE-ID: CVE-2021-36084)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the __cil_verify_classperms() function in CIL compiler in SELinux. A local user can perform a denial of service (DoS) attack.
40) Buffer Over-read (CVE-ID: CVE-2019-17595)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read issue in the "fmt_entry" function in "tinfo/comp_hash.c" in the terminfo library. A remote attacker can trigger a buffer over-read condition and cause a denial of service condition on the target system.41) Heap-based buffer overflow (CVE-ID: CVE-2019-17594)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the "_nc_find_entry" function in "tinfo/comp_hash.c" in the terminfo library. A remote attacker can trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
42) Infinite loop (CVE-ID: CVE-2021-20270)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop. A remote attacker can consume all available system resources and cause denial of service conditions.
43) Resource management error (CVE-ID: CVE-2021-27291)
The vulnerability allows a remote attacker to perform a denial of service (ReDoS) attack.
The vulnerability exists due to improper management of internal resources within the application. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDoS) attack.
44) Integer overflow (CVE-ID: CVE-2018-20673)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow (for "Create an array for saving the template argument values") in the demangle_template function in cplus-dem.c in GNU libiberty. A remote attacker can supply a specially crafted ELF file, trigger a heap-based buffer overflow and perform a denial of service (DoS) attack.
45) Path traversal (CVE-ID: CVE-2022-23457)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences in getValidDirectoryPath. A remote attacker can send a specially crafted HTTP request and allow control-flow bypass checks to be defeated.
46) Input validation error (CVE-ID: CVE-2020-13435)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in sqlite3ExprCodeTarget() function in expr.c. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
47) Improper Control of Dynamically-Managed Code Resources (CVE-ID: CVE-2022-25878)
The vulnerability allows a remote attacker to modify data on the system.
The vulnerability exists due to Prototype Pollution error in protobufjs. A remote unauthenticated attacker can provide an untrusted user input to the util.setProperty or to the ReflectionObject.setParsedOption functions, and also by parse/load .proto files to modify data on the system.
48) Input validation error (CVE-ID: CVE-2019-19603)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when processing SELECT statements with a nonexistent VIEW. A remote attacker can perform a denial of service attack.
49) Integer overflow (CVE-ID: CVE-2019-5827)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in SQLite component via WebSQL in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
50) Use of uninitialized resource (CVE-ID: CVE-2019-13751)
The vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to usage of uninitialized resources in SQLite in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage, trigger uninitialized usage of resources and bypass implemented security mechanisms.
51) Input validation error (CVE-ID: CVE-2019-13750)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied input in SQLite in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
52) Resource exhaustion (CVE-ID: CVE-2022-36083)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to the way application handles untrusted JWE tokens A remote attacker can trigger pass the PBKDF2-based JWE key with an extremely high PBES2 Count value and consume significant amount of CPU time, resulting in a denial of service conditions.
53) Buffer overflow (CVE-ID: CVE-2022-23219)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the clnt_create() function in the sunrpc module. A remote attacker can pass specially crafted input to the application that is using the affected library version, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
54) Buffer overflow (CVE-ID: CVE-2022-23218)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the svcunix_create() in the sunrpc module ib glibc. A remote attacker can pass specially crafted input to the application that is using the affected library version, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
55) Off-by-one (CVE-ID: CVE-2021-3999)
The vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to an off-by-one error glibc getcwd() function. A remote attacker can pass specially crafted input to the application that is using the affected library version, trigger an off-by-one error and execute arbitrary code on the target system.
56) Integer overflow (CVE-ID: CVE-2021-35942)
The vulnerability allows a remote attacker to gain access to sensitive information or perform a DoS attack.
The vulnerability exists due to integer overflow in parse_param in posix/wordexp.c in the GNU C Library when called with an untrusted pattern. A remote attacker can pass specially crafted data to the application, trigger integer overflow and read arbitrary memory on the system of perform a denial of service (DoS) attack.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
57) Use-after-free (CVE-ID: CVE-2021-33574)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in the mq_notify() function in the GNU C Library. A remote attacker can force the library to use the notification thread attributes object (passed through its struct
sigevent parameter) after it has been freed by the caller, leading to a
denial of service or possibly remote code execution.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
58) Double Free (CVE-ID: CVE-2021-27645)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the nameserver caching daemon (nscd) in the GNU C Library when processing a request for netgroup lookup. A local user can initiate a specially crafted request, trigger a double free error and perform a denial of service (DoS) attack.
59) Buffer overflow (CVE-ID: CVE-2018-25032)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when compressing data. A remote attacker can pass specially crafted input to the application, trigger memory corruption and perform a denial of service (DoS) attack.
60) UNIX symbolic link following (CVE-ID: CVE-2021-23177)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a symlink following issue when extracting files from archive, which can lean to changing ACLs of the target of the link. A local user can create a specially crafted archive, trick the victim into extracting files from it and escalate privileges on the system.
61) UNIX symbolic link following (CVE-ID: CVE-2021-31566)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a symlink following issue when extracting files from the archive. A local user can create a specially crafted symbolic link to a critical file on the system, place it into an archive and modify modes, times, access control lists, and flags of a file outside of the archive.
Remediation
Install update from vendor's website.