SB2024020720 - Multiple vulnerabilities in IBM MaaS360 Cloud Extender Agent, Mobile Enterprise Gateway and VPN Module

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2024020720

SB2024020720 - Multiple vulnerabilities in IBM MaaS360 Cloud Extender Agent, Mobile Enterprise Gateway and VPN Module

Published: February 7, 2024 Updated: December 6, 2024

Security Bulletin ID SB2024020720
Severity
High
Patch available
YES
Number of vulnerabilities 10
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

High 10% Medium 50% Low 40%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 10 secuirty vulnerabilities.


1) Integer overflow (CVE-ID: CVE-2023-36478)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow in MetaDataBuilder.checkSize when handling HTTP/2 HPACK header values. A remote attacker can send specially crafted request to the server, trigger an integer overflow and crash the server.


2) Resource exhaustion (CVE-ID: CVE-2023-44487)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improperly control of consumption for internal resources when handling HTTP/2 requests with compressed HEADERS frames. A remote attacker can send a sequence of compressed HEADERS frames followed by RST_STREAM frames and perform a denial of service (DoS) attack, a.k.a. "Rapid Reset".

Note, the vulnerability is being actively exploited in the wild.


3) Improper Authorization (CVE-ID: CVE-2023-41900)

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to an error in the revocation process. If a Jetty OpenIdAuthenticator uses the optional nested LoginService, and that LoginService decides to revoke an already authenticated user, then the current request will still treat the user as authenticated.


4) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2023-40167)

The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.

The vulnerability exists due to improper validation of HTTP requests when handling the "+" character passed via the HTTP/1 header field. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.

Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.


5) Input validation error (CVE-ID: CVE-2023-36479)

The vulnerability allows a remote user to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input in org.eclipse.jetty.servlets.CGI Servlet when quoting a command before its execution. A remote user can force the application to execute arbitrary file on the server and potentially compromise the system.


6) Resource exhaustion (CVE-ID: CVE-2023-34462)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources if no idle timeout handler was configured. A remote attacker can send a client hello packet, which leads the server to buffer up to 16MB of data per connection and results in a denial of service condition.


7) Input validation error (CVE-ID: CVE-2023-4807)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the POLY1305 MAC (message authentication code) implementation. A remote attacker can send specially crafted input to the application and corrupt MM registers on Windows 64 platform, resulting in a denial of service condition.


8) Division by zero (CVE-ID: CVE-2023-46849)

The vulnerability allows a remote client to perform a denial of service (DoS) attack.

The vulnerability exists due to server incorrectly restores "--fragment" configuration under certain circumstances. A remote client can cause a divide by zero error and perform a denial of service (DoS) attack.


9) Use-after-free (CVE-ID: CVE-2023-46850)

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to openvpn incorrectly uses a send buffer after it has been freed. Under certain circumstances the freed memory can be sent to the client peer, resulting in information disclosure. The vulnerability affects TLS configuration.


10) Cryptographic issues (CVE-ID: CVE-2023-5363)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to an error when processing key and initialisation vector lengths in EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() function. A remote attacker can gain access to potentially sensitive information.

The following ciphers and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.


Remediation

Install update from vendor's website.

References