SB2024121856 - Multiple vulnerabilities in IBM Operations Analytics - Log Analysis

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Improper Authentication (CVE-ID: CVE-2024-45216)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in the PKIAuthenticationPlugin when handling URLs. A remote attacker can bypass authentication process using a fake URL ending at the end of any Solr API URL path and gain unauthorized access to the application.

2) Insufficient verification of data authenticity (CVE-ID: CVE-2024-45217)

The vulnerability allows a remote attacker to compromise the affected instance.

The vulnerability exists due to ConfigSets created during a backup restore command are trusted implicitly. New ConfigSets that are created via a Restore command, which copy a configSet from the backup and give it a new name, are created without setting the "trusted" metadata. ConfigSets that do not contain the flag are trusted implicitly if the metadata is missing, therefore this leads to "trusted" ConfigSets that may not have been created with an Authenticated request.

3) Uncontrolled Recursion (CVE-ID: CVE-2024-7254)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation when parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or against Protobuf map fields. A remote attacker can pass specially crafted input to the application to create unbounded recursions and perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://www.ibm.com/support/pages/node/7179367