SB2024040521 - Multiple vulnerabilities in IBM Intelligent Operations Center (IOC) 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2024040521

SB2024040521 - Multiple vulnerabilities in IBM Intelligent Operations Center (IOC)

Published: April 5, 2024

Security Bulletin ID SB2024040521
Severity
Medium
Patch available
YES
Number of vulnerabilities 7
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 14% Low 86%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 7 secuirty vulnerabilities.


1) Information disclosure (CVE-ID: CVE-2023-38729)

The vulnerability allows a remote user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A remote user can gain unauthorized access to sensitive information on the system.


2) Input validation error (CVE-ID: CVE-2012-2677)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

Integer overflow in the ordered_malloc function in boost/pool/pool.hpp in Boost Pool before 3.9 makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large memory chunk size value, which causes less memory to be allocated than expected.


3) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2024-25030)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to software stores sensitive information into log files. A local user can read the log files and gain access to sensitive data.


4) Input validation error (CVE-ID: CVE-2024-25046)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.


5) Resource exhaustion (CVE-ID: CVE-2024-27254)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A remote user can trigger resource exhaustion and perform a denial of service (DoS) attack.


6) Input validation error (CVE-ID: CVE-2023-52296)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.


7) Resource exhaustion (CVE-ID: CVE-2024-22360)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A remote user can trigger resource exhaustion and perform a denial of service (DoS) attack.


Remediation

Install update from vendor's website.

References