SB2024010530 - Multiple vulnerabilities in IBM Watson Machine Learning Accelerator on Cloud Pak for Data
Published: January 5, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 36 secuirty vulnerabilities.
1) Authorization bypass through user-controlled key (CVE-ID: CVE-2022-0512)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote attacker can bypass implemented security restrictions and gain unauthorized access to the application.
2) Out-of-bounds read (CVE-ID: CVE-2019-6283)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Sass::Prelexer::parenthese_scope in prelexer.hpp. A remote attacker can pass specially specially crafted data to the application, trigger out-of-bounds read error and read contents of memory on the system.
3) NULL pointer dereference (CVE-ID: CVE-2018-11694)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the function Sass::Functions::selector_append. A remote attacker can trick the victim into opening specially crafted data and perform a denial of service (DoS) attack.
4) Stack-based buffer overflow (CVE-ID: CVE-2018-19838)
The vulnerability allows a remote attacker to cause DoS condition.
The vulnerability exists due to stack-based buffer overflow in functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion, as demonstrated by recursive calls involving clone(), cloneChildren(), and copy(). A remote attacker can send a specially crafted sass file, trigger memory corruption and cause the service to crash.
5) Prototype pollution (CVE-ID: CVE-2020-28499)
The vulnerability allows a remote attacker to execute arbitrary JavaScript code.
The vulnerability exists due to improper input validation via _recursiveMerge. A remote attacker can pass specially crafted input to the application and perform prototype pollution, which can result in information disclosure or data manipulation.
6) Out-of-bounds read (CVE-ID: CVE-2018-11698)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in the function Sass::handle_error. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
7) Deserialization of Untrusted Data (CVE-ID: CVE-2022-1471)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data within the SnakeYaml's Constructor() class. A remote attacker can pass specially crafted yaml content to the application and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
8) Path traversal (CVE-ID: CVE-2022-24785)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences within the npm version of Moment.js. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.
9) Authorization bypass through user-controlled key (CVE-ID: CVE-2022-0686)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote attacker can bypass implemented security restrictions and gain unauthorized access to the application.
10) Out-of-bounds read (CVE-ID: CVE-2019-6286)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Sass::Prelexer::skip_over_scopes in prelexer.hpp when called from Sass::Parser::parse_import(). A remote attacker can pass specially specially crafted data to the application, trigger out-of-bounds read error and read contents of memory on the system.
11) Authorization bypass through user-controlled key (CVE-ID: CVE-2022-0691)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote attacker can bypass implemented security restrictions and gain unauthorized access to the application.
12) Authorization bypass through user-controlled key (CVE-ID: CVE-2022-0639)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote attacker can bypass implemented security restrictions and gain unauthorized access to the application.
13) Open redirect (CVE-ID: CVE-2021-3664)
The vulnerability allows a remote attacker to redirect victims to arbitrary URL.
The vulnerability exists due to improper sanitization of user-supplied data. A remote attacker can create a link that leads to a trusted website, however, when clicked, redirects the victim to arbitrary domain.
Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.
14) Information disclosure (CVE-ID: CVE-2021-27515)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the mishandling of backslash such as http:/. A remote attacker can send a specially crafted HTTP request and gain unauthorized access to sensitive information on the system.
15) Resource exhaustion (CVE-ID: CVE-2022-42004)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control usage of deeply nested arrays in BeanDeserializer._deserializeFromArray. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
16) Deserialization of Untrusted Data (CVE-ID: CVE-2022-42003)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insecure input validation when processing serialized data when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. A remote attacker can pass specially crafted data to the application and cause a denial of service condition on the target system.
17) Type Confusion (CVE-ID: CVE-2023-0286)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a type confusion error related to X.400 address processing inside an X.509 GeneralName. A remote attacker can pass specially crafted data to the application, trigger a type confusion error and perform a denial of service (DoS) attack or read memory contents.
In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.
18) Uncontrolled Recursion (CVE-ID: CVE-2018-20821)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp. A remote attacker can trigger the vulnerability and gain access to potentially sensitive information.
19) Out-of-bounds read (CVE-ID: CVE-2018-11697)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists in the function Sass::Prelexer::exactly(). A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and disclose information or manipulated to read from unmapped memory causing a denial of service.
20) Information disclosure (CVE-ID: CVE-2022-0155)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote attacker can gain unauthorized access to sensitive information on the system.
21) Resource exhaustion (CVE-ID: CVE-2022-25857)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when handling YAML files. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
22) Stack-based buffer overflow (CVE-ID: CVE-2022-38749)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when handling YAML files. A remote attacker can pass a specially crafted YAML file to the application, trigger a stack-based buffer overflow and perform a denial of service (DoS) attack.23) Stack-based buffer overflow (CVE-ID: CVE-2022-38752)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when handling YAML files. A remote attacker can pass a specially crafted YAML file to the application, trigger a stack-based buffer overflow and perform a denial of service (DoS) attack.
24) Stack-based buffer overflow (CVE-ID: CVE-2022-38750)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when handling YAML files. A remote attacker can pass a specially crafted YAML file to the application, trigger a stack-based buffer overflow and perform a denial of service (DoS) attack.25) Out-of-bounds write (CVE-ID: CVE-2022-38751)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when processing untrusted YAML input. A remote attacker can pass a specially crafted YAML file to the application, trigger out-of-bounds write and perform a denial of service (DoS) attack.
26) Information disclosure (CVE-ID: CVE-2022-0536)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote attacker can gain unauthorized access to sensitive information on the system.
27) Incorrect Regular Expression (CVE-ID: CVE-2022-31129)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper validation of user-supplied input when parsing overly long strings. A remote attacker can pass a string that contains more that 10k characters and perform regular expression denial of service (ReDoS) attack.
28) Incorrect Regular Expression (CVE-ID: CVE-2021-33502)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to exponential performance for data. A remote attacker can pass specially crafted data to the application and perform a regular expression denial of service (ReDos) attack.
29) Out-of-bounds write (CVE-ID: CVE-2022-41854)
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to a boundary error when parsing untrusted YAML files. A remote attacker can send a specially crafted YAML file, trick the victim into opening it using the affected software, trigger out-of-bounds write and perform a denial of service attack.
30) Uncontrolled Recursion (CVE-ID: CVE-2019-18797)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
LibSass 3.6.1 has uncontrolled recursion in Sass::Eval::operator()(Sass::Binary_Expression*) in eval.cpp.
31) Use-after-free (CVE-ID: CVE-2018-19827)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial of service (application crash) or possibly have unspecified other impact.
32) NULL pointer dereference (CVE-ID: CVE-2018-20190)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the function Sass::Eval::operator()(Sass::Supports_Operator*) in eval.cpp. A remote attacker can trick the victim into opening a specially crafted sass input file and perform a denial of service (DoS) attack.
33) Use-after-free (CVE-ID: CVE-2018-11499)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in handle_error() function in sass_context.cpp in LibSass. A remote attacker can cause a denial of service (application crash) or possibly unspecified other impact.
34) Out-of-bounds read (CVE-ID: CVE-2019-6284)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Sass::Prelexer::alternatives in prelexer.hpp. A remote attacker can pass specially specially crafted data to the application, trigger out-of-bounds read error and read contents of memory on the system.
35) NULL pointer dereference (CVE-ID: CVE-2018-19797)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via a crafted sass input file.
36) Resource exhaustion (CVE-ID: CVE-2018-20822)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Complex_Selector::perform in ast.hpp and Sass::Inspect::operator in inspect.cpp).
Remediation
Install update from vendor's website.