SB2024122013 - Multiple vulnerabilities in IBM Disconnected Log Collector 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2024122013

SB2024122013 - Multiple vulnerabilities in IBM Disconnected Log Collector

Published: December 20, 2024

Security Bulletin ID SB2024122013
Severity
High
Patch available
YES
Number of vulnerabilities 5
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 20% Medium 60% Low 20%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 5 secuirty vulnerabilities.


1) Insecure Temporary File (CVE-ID: CVE-2020-15250)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to the application is using the test rule TemporaryFolder that stores sensitive information in temporary files in the system temporary directory, accessible by other system users. A local user can read temporary files and obtain sensitive information, related to the application.


2) Input validation error (CVE-ID: CVE-2024-47561)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input when parsing schema in Java SDK. A remote attacker can pass specially crafted schema to the application and execute arbitrary code on the system.


3) Information disclosure (CVE-ID: CVE-2024-31141)

The vulnerability allows a remote user to escalate privileges within the application.

The vulnerability exists due to the way Apache Kafka Clients handles custom configurations. A remote user with access to REST API can read arbitrary files and variables on the system and escalate their privileges filesystem/environment access.


4) Buffer overflow (CVE-ID: CVE-2024-47072)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error when processing unstrusted input. A remote attacker can pass a specially crafted stream to the application, trigger a stack overflow and perform a denial of service (DoS) attack.

Successful exploitation of this vulnerability requires that XStream is configured to use the BinaryStreamDriver.


5) Resource exhaustion (CVE-ID: CVE-2024-47554)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources when handling untrusted input passed to the org.apache.commons.io.input.XmlStreamReader class. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.


Remediation

Install update from vendor's website.

References