SB2024013106 - Multiple vulnerabilities in IBM Data Risk Manager
Published: January 31, 2024 Updated: January 9, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 32 secuirty vulnerabilities.
1) Resource exhaustion (CVE-ID: CVE-2023-44487)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improperly control of consumption for internal resources when handling HTTP/2 requests with compressed HEADERS frames. A remote attacker can send a sequence of compressed HEADERS frames followed by RST_STREAM frames and perform a denial of service (DoS) attack, a.k.a. "Rapid Reset".
Note, the vulnerability is being actively exploited in the wild.
2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-5870)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to pg_cancel_backend rolse signals background workers, including the logical replication launcher, autovacuum workers and the autovacuum launcher. A remote privileged user can abuse this behavior and perform a denial of service (DoS) attack.
3) Untrusted search path (CVE-ID: CVE-2023-38408)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to usage of an insecure search path within the PKCS#11 feature in ssh-agent. A remote attacker can trick the victim into connecting to a malicious SSH server and execute arbitrary code on the system, if an agent is forwarded to an attacker-controlled system.
Note, this vulnerability exists due to incomplete fix for #VU2015 (CVE-2016-10009).
4) Use-after-free (CVE-ID: CVE-2023-32233)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in Netfilter nf_tables when processing batch requests. A local user can trigger a use-after-free error and execute arbitrary code with root privileges.
5) Incorrect permission assignment for critical resource (CVE-ID: CVE-2023-34042)
The vulnerability allows a local user to compromise the target system.
The vulnerability exists due to incorrect permission assignment for spring-security.xsd. A local administrator can write arbitrary file on the system.
6) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2023-45648)
The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.
The vulnerability exists due to improper validation when parsing HTTP trailer headers. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.
Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.
7) Exposed dangerous method or function (CVE-ID: CVE-2023-42794)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to Tomcat's internal fork of a Commons FileUpload included an unreleased, in progress refactoring that exposed a potential denial of service on Windows. A remote attacker can perform a denial of service attack by uploading multiple files to the server that are not removed.
8) Resource management error (CVE-ID: CVE-2023-42795)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to improper management of internal resources within the application when recycling various internal objects. A remote attacker can force Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next.
9) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2023-40167)
The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.
The vulnerability exists due to improper validation of HTTP requests when handling the "+" character passed via the HTTP/1 header field. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.
Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.
10) Improper input validation (CVE-ID: CVE-2023-22045)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM for JDK. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.
11) Improper input validation (CVE-ID: CVE-2023-22049)
The vulnerability allows a remote non-authenticated attacker to manipulate data.
The vulnerability exists due to improper input validation within the Libraries component in Oracle GraalVM for JDK. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.
12) Out-of-bounds write (CVE-ID: CVE-2023-35001)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the nft_byteorder() function. A local user can trigger an out-of-bounds write and execute arbitrary code on the target system.
13) Improper input validation (CVE-ID: CVE-2023-35116)
The vulnerability allows a remote authenticated user to perform service disruption.
The vulnerability exists due to improper input validation within the Oracle Database Fleet Patching and Provisioning (jackson-databind) in Oracle Database Server. A remote authenticated user can exploit this vulnerability to perform service disruption.
14) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2023-46589)
The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.
The vulnerability exists due to improper validation of HTTP requests when parsing malformed trailer headers. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.
Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.
15) Open redirect (CVE-ID: CVE-2023-41080)
The vulnerability allows a remote attacker to redirect victims to arbitrary URL.
The vulnerability exists due to improper sanitization of user-supplied data, if the ROOT (default) web application is configured to use FORM authentication. A remote attacker can create a link that leads to a trusted website, however, when clicked, redirects the victim to arbitrary domain.
Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.
16) SQL injection (CVE-ID: CVE-2023-39417)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists due to insufficient sanitization of user-supplied data within the extension script @substitutions@, which uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct. A remote attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
17) Information disclosure (CVE-ID: CVE-2023-5868)
The vulnerability allows a remote user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in the aggregate function calls when handling "unknown"-type arguments. A remote user can read parts of system memory.
18) Security features bypass (CVE-ID: CVE-2023-34034)
The vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to the usage of "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux. A remote unauthenticated attacker can trigger the vulnerability to bypass security restrictions.
19) Deserialization of Untrusted Data (CVE-ID: CVE-2023-39410)
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to reader can consume memory beyond the allowed constraints and thus lead to out of memory on the system, when deserializing untrusted or corrupted data. A remote attacker can pass specially crafted data to the application and perform a denial of service attack.
20) Use-after-free (CVE-ID: CVE-2023-4208)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the the cls_u32 component in Linux kernel packet scheduler. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
21) Deserialization of Untrusted Data (CVE-ID: CVE-2023-34040)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data. A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system under certain conditions.
22) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2023-43642)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to missing upper bound check on chunk length. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
23) Use-after-free (CVE-ID: CVE-2023-4128)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
24) LDAP injection (CVE-ID: CVE-2023-33201)
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to improper input validation in applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate's Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability. A remote non-authenticated attacker can use a specially crafted X.509 certificate to bypass authentication process and gain unauthorized access to the application.
25) Integer overflow (CVE-ID: CVE-2023-36478)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow in MetaDataBuilder.checkSize when handling HTTP/2 HPACK header values. A remote attacker can send specially crafted request to the server, trigger an integer overflow and crash the server.
26) Integer overflow (CVE-ID: CVE-2023-5869)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in array modification. A remote user can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.
27) Use-after-free (CVE-ID: CVE-2023-3776)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the the Linux kernel's net/sched: cls_fw component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
28) Improper input validation (CVE-ID: CVE-2023-22081)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the JSSE component in Oracle GraalVM for JDK. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
29) Improper input validation (CVE-ID: CVE-2023-22067)
The vulnerability allows a remote non-authenticated attacker to manipulate data.
The vulnerability exists due to improper input validation within the CORBA component in Oracle Java SE. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.
30) Segmentation fault (CVE-ID: CVE-2023-5676)
The vulnerability allows a local privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to JVM can be forced into an infinite busy hang on a spinlock or a segmentation fault if a shutdown signal (SIGTERM, SIGINT or SIGHUP) is received before the JVM has finished initializing. A local privileged user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
31) Resource exhaustion (CVE-ID: CVE-2023-33202)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when parsing OpenSSL PEM encoded streams containing X.509 certificates. A remote attacker can send ASN.1 data through the PEMParser to trigger resource exhaustion and perform a denial of service (DoS) attack.
32) Out-of-bounds write (CVE-ID: CVE-2023-3611)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in the qfq_change_agg() function in net/sched/sch_qfq.c within the Linux kernel net/sched: sch_qfq component. A local user trigger an out-of-bounds write and execute arbitrary code on the target system.
Remediation
Install update from vendor's website.