SB2023112104 - Multiple vulnerabilities in IBM Storage Defender - Data Protect

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023112104

SB2023112104 - Multiple vulnerabilities in IBM Storage Defender - Data Protect

Published: November 21, 2023 Updated: December 11, 2025

Security Bulletin ID SB2023112104
Severity
High
Patch available
YES
Number of vulnerabilities 13
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 8% Medium 62% Low 31%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 13 secuirty vulnerabilities.


1) Improper Authentication (CVE-ID: CVE-2022-23555)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to token reuse in invitation URLs leads to access control bypass via the use of a different enrollment flow than in the one provided. A remote attacker can that knows different invitation flows names (e.g. `enrollment-invitation-test` and `enrollment-invitation-admin`) via either different invite links or via brute forcing signup via a single invitation url for any valid invite link received (it can even be a url for a third flow as long as it's a valid invite) as the token used in the `Invitations` section of the Admin interface does NOT change when a different `enrollment flow` is selected via the interface and it is NOT bound to the selected flow, so it will be valid for any flow when used.


2) Resource exhaustion (CVE-ID: CVE-2023-2828)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can cause the amount of memory used by a named resolver to go well beyond the configured max-cache-size limit. The effectiveness of the attack depends on a number of factors (e.g. query load, query patterns), but since the default value of the max-cache-size statement is 90%, in the worst case the attacker can exhaust all available memory on the host running named, leading to a denial-of-service condition.


3) Use-after-free (CVE-ID: CVE-2022-3564)

The vulnerability allows an attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the l2cap_reassemble_sdu() function in net/bluetooth/l2cap_core.c. An attacker with physical access to device can trigger a use-after-free error and execute arbitrary code on the system.


4) Use-after-free (CVE-ID: CVE-2023-0215)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the BIO_new_NDEF function. A remote attacker can trigger a use-after-free error and perform a denial of service (DoS) attack.



5) Stored cross-site scripting (CVE-ID: CVE-2022-32174)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the select assignee component. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.


6) Incorrect default permissions (CVE-ID: CVE-2023-32698)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to file permissions on the checked-in files were not maintained. A local user with access to the system can view contents of files and directories or modify them.


7) Deserialization of Untrusted Data (CVE-ID: CVE-2022-28948)

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to insecure input validation when processing serialized data in the Unmarshal function. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.


8) OS Command Injection (CVE-ID: CVE-2022-1292)

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in the c_rehash script distributed by some operating systems. A remote attacker with ability to pass data to c_rehash script can and execute arbitrary OS commands with the privileges of the script.



9) Infinite loop (CVE-ID: CVE-2022-0778)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the BN_mod_sqrt() function when processing an ASN.1 certificate that contains elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. A remote attacker can supply a specially crafted certificate to the TLS server or client, consume all available system resources and cause denial of service conditions.


10) Resource management error (CVE-ID: CVE-2020-8277)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the application when processing a large number of DNS responses. A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a denial of service condition.


11) Path traversal (CVE-ID: CVE-2020-7667)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to CPIO extraction functionality doesn't sanitize the paths of the archived files for leading and non-leading ".." which leads in file extraction outside of the current directory. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.


12) NULL pointer dereference (CVE-ID: CVE-2017-3730)

The vulnerability allows a remote attacker to cause denial of service.

The vulnerability exists in OpenSSL due to NULL pointer dereference error when processing specially crafted parameters for a Diffie-Hellman Key Exchange (DHE) or Elliptic Curve Diffie-Hellman Exchange (ECDHE), received from malicious server. A remote attacker can trick the victim into connecting to a specially crafted website and trigger NULL pointer dereference error in client software.

Successful exploitation of the vulnerability may allow an attacker to perform denial of service (DoS) attack against vulnerable client software.


13) Heap overflow (CVE-ID: CVE-2016-7054)

The vulnerability allows a remote attacker to perform denial of service (Dos) attack.

The vulnerability exists due to a boundary error when processing *-CHACHA20-POLY1305 TLS ciphersuites (ChaCha20/Poly1305) in OpenSSL. A remote attacker can send large payloads to affected service, triggering heap overflow. 

Successful exploitation of the vulnerability may result in denial of service (DoS) conditions.




Remediation

Install update from vendor's website.

References