SB2023092623 - Multiple vulnerabilities in IBM Application Performance Management products 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023092623

SB2023092623 - Multiple vulnerabilities in IBM Application Performance Management products

Published: September 26, 2023

Security Bulletin ID SB2023092623
Severity
High
Patch available
YES
Number of vulnerabilities 5
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 40% Medium 40% Low 20%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 5 secuirty vulnerabilities.


1) UNIX symbolic link following (CVE-ID: CVE-2013-0248)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a symlink following issue. The application uses the /tmp directory for uploaded files. A local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application.

Successful exploitation of this vulnerability may result in privilege escalation.


2) Resource exhaustion (CVE-ID: CVE-2016-3092)

The vulnerability allows a remote attacker to cause denial of service conditions on the target system.

The vulnerability exists due to input validation error when processing very long boundary strings within the MultipartStream class in Apache Commons Fileupload. A remote user can cause denial of service conditions by sending specially crafted boundary string and consume excessive CPU resources.

Successful exploitation of this vulnerability may result in denial of service attack.


3) Desereliazation of untrusted data (CVE-ID: CVE-2016-1000031)

The vulnerability allows a remote unauthenticated attacker to execute arbitrary code on the target system.

The weakness exists in DiskFileItem class of the FileUpload library due to deserialization of untrusted data. A remote attacker can execute arbitrary code under the context of the current process.

Successful exploitation of the vulnerability may result in system compromise.

4) Infinite loop (CVE-ID: CVE-2014-0050)

The vulnerability allows a remote attacker to cause DoS conditions on the target system.

The weakness exists due to boundary error when handling Content-Type HTTP header for multipart requests. By sending a specially crafted Content-Type header, containing 4092 characters in "boundary" field, a remote attacker can cause the application to enter into an infinite loop.

Successful exploitation of the vulnerability results in denial of service on the vulnerable system.

Note: the vulnerability was being actively exploited.

5) Input validation error (CVE-ID: CVE-2013-2186)

The vulnerability allows a remote attacker to overwrite arbitrary files on the system.

The vulnerability exists due to insufficient validation of user-supplied input when processing file names with a NULL byte within the DiskFileItem class. A remote attacker can upload a specially crafted file with a NULL byte in its name and overwrite arbitrary files on the system.


Remediation

Install update from vendor's website.

References