SB2024100713 - Multiple vulnerabilities in IBM Aspera Console
Published: October 7, 2024 Updated: December 19, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 17 secuirty vulnerabilities.
1) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2024-38472)
The disclosed vulnerability allows a remote attacker to perform SSRF attacks.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send a specially crafted HTTP request and trick the web server to leak NTLM hashes.
Note, the vulnerability affects Windows installations only.
2) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2024-40898)
The disclosed vulnerability allows a remote attacker to perform SSRF attacks.
The vulnerability exists due to insufficient validation of user-supplied input in Apache HTTP Server on Windows with mod_rewrite in server/vhost context. A remote attacker can force the web server to leak NTML hashes to a malicious server via SSRF and malicious requests.
3) Input validation error (CVE-ID: CVE-2024-38473)
The vulnerability allows a remote attacker to bypass authentication.
The vulnerability exists due to insufficient validation of user-supplied input when handling incorrect encoding in mod_proxy. A remote attacker can force the web server to pass request URLs with incorrect encoding to backend services.
4) Man-in-the-middle attack (CVE-ID: CVE-2015-4000)
The vulnerability allows a remote attacker to decrypt TLS connections in certain situations.The vulnerability exists due to boundary error when parsing HTTP requests. A remote unauthenticated attacker can conduct a man-in-the-middle attack that can lead to the target system to downgrade the Diffie-Hellman algorithm to 512-bit export-grade cryptography.
Successful exploitation of this vulnerability may result in modification of authentication information
5) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2024-38476)
The disclosed vulnerability allows a remote attacker to perform SSRF attacks.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker with control over the backend server can run local handlers via internal redirect and gain access to sensitive information or compromise the affected system.
6) NULL pointer dereference (CVE-ID: CVE-2024-36387)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error when handling websocket over HTTP/2 connections. A remote attacker can send specially crafted data to the web server and perform a denial of service (DoS) attack.
7) Not Using Password Aging (CVE-ID: CVE-2023-27272)
The vulnerability allows a remote user to gain access to potentially sensitive information.
The vulnerability exists due to passwords can be reused when a new user logs into the system. A remote user can bypass security restrictions.
8) Buffer overflow (CVE-ID: CVE-2018-25032)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when compressing data. A remote attacker can pass specially crafted input to the application, trigger memory corruption and perform a denial of service (DoS) attack.
9) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2024-39573)
The disclosed vulnerability allows a remote attacker to perform SSRF attacks.
The vulnerability exists due to insufficient validation of user-supplied input in mod_rewrite proxy handler substitution. A remote attacker can cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod_proxy.
10) Use of a broken or risky cryptographic algorithm (CVE-ID: CVE-2022-43851)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the use of weaker than expected cryptographic algorithms. A remote attacker can decrypt highly sensitive information.
11) XPath Injection (CVE-ID: CVE-2022-43840)
The vulnerability allows a remote user to gain access to potentially sensitive information.
The vulnerability exists due to XPath injection. A remote user can exfiltrate sensitive application data and/or determine the structure of the XML document.
12) Cross-site scripting (CVE-ID: CVE-2022-43850)
The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
13) Information disclosure (CVE-ID: CVE-2024-39884)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to an error when processing legacy content-type based configuration of handlers, such as "AddType" and similar configuration when files are requested indirectly. A remote attacker can send a specially crafted HTTP request and view contents of files, for example the source code of a PHP script can be served instead of interpreted.
14) Information disclosure (CVE-ID: CVE-2024-40725)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to an error when processing legacy content-type based configuration of handlers, such as "AddType" and similar configuration when files are requested indirectly. A remote attacker can send a specially crafted HTTP request and view contents of files, for example the source code of a PHP script can be served instead of interpreted.
Note, the vulnerability exists due to incomplete fix for #VU93729 (CVE-2024-39884).
15) Improper Neutralization of HTTP Headers for Scripting Syntax (CVE-ID: CVE-2022-43852)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to improper input validation when processing HTTP requests. A remote non-authenticated attacker can send a specially crafted HTTP request with an arbitrary Host header that will be accepted by the application.
Successful exploitation of the vulnerability may allow an attacker to perform cross-site scripting, cache poisoning or session hijacking attacks.
16) Improper Neutralization of HTTP Headers for Scripting Syntax (CVE-ID: CVE-2022-43847)
The vulnerability allows a remote user to perform spoofing attack.
The vulnerability exists due to improper input validation when processing HTTP requests. A remote user can send a specially crafted HTTP request with an arbitrary Host header that will be accepted by the application.
Successful exploitation of the vulnerability may allow an attacker to perform cross-site scripting, cache poisoning or session hijacking attacks.
17) Sensitive Cookie Without 'HttpOnly' Flag (CVE-ID: CVE-2022-43845)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the failure to set the HTTPOnly flag. A remote attacker can gain unauthorized access to sensitive information from the cookie on the system.
Remediation
Install update from vendor's website.