SB2024020522 - Multiple vulnerabilities in IBM Application Performance Management products

Published: February 5, 2024

Security Bulletin ID: SB2024020522
Severity: Medium
Patch available: Yes
Number of vulnerabilities: 16
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

Medium: 50%, Low: 50%

Description

This security bulletin contains information about 16 security vulnerabilities.


1) Improper verification of cryptographic signature (CVE-ID: CVE-2016-1000338)

The vulnerability allows a remote attacker to bypass signature validation process.

The JCE Provider in Bouncy Castle does not fully validate the ASN.1 encoding of a signature during verification within the DSA implementation. A remote attacker can inject extra elements into the sequence making up the signature, and the signature will still be considered valid, allowing the attacker to add extra data to a signed structure.



2) Deserialization of Untrusted Data (CVE-ID: CVE-2018-1000613)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insecure input validation when processing serialized data passed via an XMSS/XMSS^MT private key. A remote attacker can pass specially crafted data to the Bouncy Castle Java Cryptography API and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


3) Information Exposure Through Timing Discrepancy (CVE-ID: CVE-2020-15522)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a timing issue within the EC math library. A remote attacker who can observe timing information for the generation of multiple deterministic ECDSA signatures is able to reconstruct the private key used for encryption.


4) Cryptographic issues (CVE-ID: CVE-2016-1000343)

The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists in the Bouncy Castle JCE Provider implementation of the DSA key pair generator, which generates a weak private key (1024 bit key size) if used with default values. The attacker can use this vulnerability to decrypt data.



5) Cryptographic issues (CVE-ID: CVE-2016-1000339)

The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability is present in the Bouncy Castle JCE Provider due to usage of AESFastEngine, which does not provide a sufficient level of secrecy and is prone to side-channel attacks.



6) Information disclosure (CVE-ID: CVE-2015-6644)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 24106146.


7) Cryptographic issues (CVE-ID: CVE-2016-1000352)

The vulnerability allows a remote attacker to modify data on the system.

The vulnerability exists because the ECIES implementation allowed the use of ECB mode. A remote attacker can trigger the vulnerability to bypass security restrictions and escalate privileges on the system.



8) Cryptographic issues (CVE-ID: CVE-2016-1000344)

The vulnerability allows a remote attacker to modify data on the system.

The vulnerability exists because the DHIES implementation allowed the use of ECB mode. A remote attacker can trigger the vulnerability to modify data on the system.


9) Improper verification of cryptographic signature (CVE-ID: CVE-2016-1000342)

The vulnerability allows a remote attacker to bypass signature validation process.

The JCE Provider in Bouncy Castle does not fully validate the ASN.1 encoding of a signature during verification within the ECDSA implementation. A remote attacker can inject extra elements into the sequence making up the signature, and the signature will still be considered valid, allowing the attacker to add extra data to a signed structure.
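Items 1 and 9 both come down to the same check: a DSA or ECDSA signature is a DER SEQUENCE of exactly two INTEGERs, and a verifier that reads r and s and ignores whatever follows will accept a signature that carries extra elements. The following is an added example, not Bouncy Castle's code, showing a strict parser that rejects trailing bytes, extra elements and non-minimal encodings beside a lenient parser that exhibits the defect; the test values (r = 127, s = 128) are constructed.

```python
# Added example (not Bouncy Castle's code): a strict DER parser for a
# DSA/ECDSA signature, SEQUENCE { INTEGER r, INTEGER s }, next to a lenient
# parser of the kind that lets extra elements through.

def _encode_length(n: int) -> bytes:
    """Minimal DER length encoding."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _encode_integer(v: int) -> bytes:
    """Minimal DER INTEGER for a non-negative value (sign byte only when needed)."""
    body = v.to_bytes((v.bit_length() + 8) // 8 or 1, "big")
    return b"\x02" + _encode_length(len(body)) + body


def encode_der_signature(r: int, s: int) -> bytes:
    """Canonical encoding of (r, s); used here only to build test vectors."""
    content = _encode_integer(r) + _encode_integer(s)
    return b"\x30" + _encode_length(len(content)) + content


def _read_length(buf: bytes, pos: int):
    """Decode a DER length at buf[pos]; reject indefinite and non-minimal forms."""
    if pos >= len(buf):
        raise ValueError("truncated length")
    first = buf[pos]
    pos += 1
    if first < 0x80:
        return first, pos
    n = first & 0x7F
    if n == 0 or n > 4 or pos + n > len(buf):
        raise ValueError("indefinite, oversized or truncated length")
    length = int.from_bytes(buf[pos:pos + n], "big")
    if length < 0x80 or (n > 1 and length < (1 << (8 * (n - 1)))):
        raise ValueError("non-minimal length encoding")
    return length, pos + n


def _read_integer(buf: bytes, pos: int):
    """Decode one DER INTEGER; reject negative and non-minimal encodings."""
    if pos >= len(buf) or buf[pos] != 0x02:
        raise ValueError("expected INTEGER")
    length, pos = _read_length(buf, pos + 1)
    if length == 0 or pos + length > len(buf):
        raise ValueError("bad INTEGER length")
    body = buf[pos:pos + length]
    if body[0] & 0x80:
        raise ValueError("negative INTEGER not allowed in a signature")
    if len(body) > 1 and body[0] == 0x00 and not (body[1] & 0x80):
        raise ValueError("non-minimal INTEGER encoding")
    return int.from_bytes(body, "big"), pos + length


def parse_der_signature_strict(sig: bytes):
    """Return (r, s) only if sig is exactly SEQUENCE { INTEGER, INTEGER }."""
    if not sig or sig[0] != 0x30:
        raise ValueError("expected SEQUENCE")
    seq_len, pos = _read_length(sig, 1)
    if pos + seq_len != len(sig):
        raise ValueError("trailing bytes after SEQUENCE")
    r, pos = _read_integer(sig, pos)
    s, pos = _read_integer(sig, pos)
    if pos != len(sig):
        raise ValueError("extra elements inside SEQUENCE")
    return r, s


def parse_der_signature_lenient(sig: bytes):
    """The defect in miniature: read r and s and ignore whatever follows them,
    so a signature with appended elements still yields the original (r, s)."""
    if not sig or sig[0] != 0x30:
        raise ValueError("expected SEQUENCE")
    _, pos = _read_length(sig, 1)
    r, pos = _read_integer(sig, pos)
    s, _ = _read_integer(sig, pos)
    return r, s


def is_strict_der_signature(sig: bytes) -> bool:
    """True only when the encoding is canonical and carries nothing extra."""
    try:
        parse_der_signature_strict(sig)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    good = encode_der_signature(127, 128)            # constructed test values
    inner = good[2:] + bytes.fromhex("020101")       # an extra INTEGER inside the SEQUENCE
    padded = bytes([0x30, len(inner)]) + inner
    print(good.hex(), parse_der_signature_strict(good))
    print("lenient accepts padded:", parse_der_signature_lenient(padded))
    print("strict accepts padded:", is_strict_der_signature(padded))
```

The point of the comparison is that both parsers return the same (r, s) for the padded signature, so the mathematical check passes in both cases; only the strict parser notices that the signed structure now carries bytes nobody signed. A verifier should also fail closed on non-minimal length and INTEGER encodings, since those give an attacker several distinct byte strings that decode to the same signature.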



10) Cryptographic issues (CVE-ID: CVE-2016-1000341)

The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists in the Bouncy Castle JCE Provider implementation of the DSA signature generation process. An attacker able to observe timings for the generation of signatures can gain information about the signature's k value and ultimately about the private value as well.


11) Information disclosure (CVE-ID: CVE-2020-26939)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to observable differences in behavior to error inputs within the org.bouncycastle.crypto.encodings.OAEPEncoding component in Legion of the Bouncy Castle BC. A remote attacker can obtain sensitive information about a private exponent by sending invalid ciphertext that decrypts to a short payload in the OAEP Decoder. This causes the application to throw an early exception, potentially leaking some information about the private exponent of the RSA private key performing the encryption.


12) Cryptographic issues (CVE-ID: CVE-2016-1000340)

The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists in the Bouncy Castle JCE Provider due to a buggy implementation of squaring in several raw math classes (org.bouncycastle.math.raw.Nat???). These classes are used by Bouncy Castle's custom elliptic curve implementations (org.bouncycastle.math.ec.custom.**), so rare (in general usage) spurious results for elliptic curve scalar multiplications were possible. Such errors would have been detected with high probability by the output validation in the scalar multipliers.


13) Information disclosure (CVE-ID: CVE-2016-1000345)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists because the DHIES/ECIES CBC mode is vulnerable to a padding oracle attack. A remote attacker with enough observations can identify when decryption is failing due to padding.


14) Memory leak (CVE-ID: CVE-2019-17359)

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due to a memory leak in the ASN.1 parser. A remote attacker can send specially crafted ASN.1 data, cause an OutOfMemoryError and perform a denial of service attack.


15) Key management errors (CVE-ID: CVE-2016-1000346)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists because the other party's DH public key is not fully validated. A remote attacker can gain unauthorized access to sensitive information on the system and reveal details about the other party's private key where static Diffie-Hellman is in use.
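The validation that item 15 refers to has two parts: the peer's value must lie in [2, p-2] (which excludes 0, 1 and p-1, the values that produce a constant or sign-only shared secret and so leak the parity of a static private exponent), and it must be a member of the prime-order subgroup, which is what pow(y, q, p) == 1 tests. The following is an added example, not Bouncy Castle's code, using a deliberately tiny constructed group (p = 23, q = 11, g = 4) so the arithmetic can be followed by hand.

```python
# Added example (not Bouncy Castle's code): full validation of a peer's
# Diffie-Hellman public value before it is used in a static DH agreement.
# Group parameters below are constructed and far too small for real use.

P = 23          # constructed toy prime, p = 2q + 1
Q = 11          # order of the prime-order subgroup
G = 4           # generator of the order-q subgroup (4 = 2^2 mod 23)


def validate_dh_public_key(y: int, p: int, q: int) -> bool:
    """Reject anything outside [2, p-2] and anything not in the order-q subgroup."""
    if not (2 <= y <= p - 2):       # 0, 1 and p-1 generate trivial subgroups
        return False
    if pow(y, q, p) != 1:           # y must lie in the prime-order subgroup
        return False
    return True


def dh_public_key(x: int, g: int = G, p: int = P) -> int:
    """Our own public value g^x mod p."""
    return pow(g, x, p)


def dh_shared_secret(x: int, peer_y: int, p: int = P, q: int = Q) -> int:
    """Compute peer_y^x mod p only after the peer value has passed validation.
    With a static x, skipping this check lets each bad peer value leak a little
    about x (for y = p-1 the result is +-1, i.e. the parity of x)."""
    if not validate_dh_public_key(peer_y, p, q):
        raise ValueError("invalid peer DH public key")
    return pow(peer_y, x, p)


if __name__ == "__main__":
    xa, xb = 3, 7                    # constructed private values
    ya, yb = dh_public_key(xa), dh_public_key(xb)
    print("public values:", ya, yb)
    print("shared secret:", dh_shared_secret(xa, yb), dh_shared_secret(xb, ya))
    for bad in (0, 1, P - 1, 5):     # 5 has order 22 here, so it is outside the q-subgroup
        print("peer value", bad, "accepted:", validate_dh_public_key(bad, P, Q))
```

For real groups q is known for the RFC 7919 finite-field groups and for any group published with its subgroup order; where only p and g are known, the range check still applies and the subgroup check must be replaced by using an ephemeral private exponent, so that a bad peer value cannot be used to query the same secret twice.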


16) LDAP injection (CVE-ID: CVE-2023-33201)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to improper input validation in applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate's Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability. A remote non-authenticated attacker can use a specially crafted X.509 certificate to bypass authentication process and gain unauthorized access to the application.
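The fix for item 16 is to escape the subject name as an LDAP assertion value (RFC 4515) before it enters the filter, so that the metacharacters ( ) * \ and NUL are turned into \XX hex escapes and can no longer change the filter's structure. The following is an added example, not Bouncy Castle's code; the filter template, the objectClass and the cn attribute are assumptions chosen for illustration, and the subject name containing filter characters is constructed.

```python
# Added example (not Bouncy Castle's code): escaping a certificate's subject
# name before it is placed in an LDAP search filter, with the unescaped
# construction beside it for comparison. The filter shape and attribute names
# are assumptions for illustration, not the CertStore's actual query.

_FILTER_ESCAPES = {
    "\\": "\\5c",
    "*": "\\2a",
    "(": "\\28",
    ")": "\\29",
    "\x00": "\\00",
}


def escape_ldap_filter_value(value: str) -> str:
    """RFC 4515 escaping of an assertion value: filter metacharacters and
    non-ASCII characters become \\XX hex escapes (one per UTF-8 byte), so the
    value can never open or close a filter component."""
    out = []
    for ch in value:
        if ch in _FILTER_ESCAPES:
            out.append(_FILTER_ESCAPES[ch])
        elif ord(ch) > 0x7F:
            out.extend("\\%02x" % b for b in ch.encode("utf-8"))
        else:
            out.append(ch)
    return "".join(out)


def build_subject_filter_unsafe(subject_cn: str) -> str:
    """Vulnerable pattern: the subject name is concatenated verbatim."""
    return "(&(objectClass=pkiUser)(cn=%s))" % subject_cn


def build_subject_filter(subject_cn: str) -> str:
    """Hardened pattern: the subject name is escaped first."""
    return "(&(objectClass=pkiUser)(cn=%s))" % escape_ldap_filter_value(subject_cn)


def filter_component_count(flt: str) -> int:
    """Number of unescaped '(' in a filter; for the template above this must
    always be 3, whatever the subject name contained."""
    count = 0
    i = 0
    while i < len(flt):
        if flt[i] == "\\":       # skip a \XX escape sequence
            i += 3
            continue
        if flt[i] == "(":
            count += 1
        i += 1
    return count


if __name__ == "__main__":
    cn = "Alice)(cn=*"            # constructed subject CN containing filter characters
    for build in (build_subject_filter_unsafe, build_subject_filter):
        flt = build(cn)
        print(filter_component_count(flt), flt)
```

The component count is a cheap regression check for code that assembles filters from external data: with the escaped builder it is a constant for a given template, while with the unsafe builder it grows with every parenthesis the certificate subject supplies. Directory servers also accept a parameterized search in most client libraries, which is the better choice where available; escaping is the fallback when the filter must be built as a string.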


Remediation

Install the update from the vendor's website.