SB2025032413 - Multiple vulnerabilities in HPE Unified OSS Console Assurance Monitoring (UOCAM)
Published: March 24, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 9 secuirty vulnerabilities.
1) Inefficient regular expression complexity (CVE-ID: CVE-2023-26118)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation when processing untrusted input with a regular expressions in the input[url] functionality. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.
2) Inefficient regular expression complexity (CVE-ID: CVE-2023-26117)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation when processing untrusted input passed via the $resource service. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.
3) Inefficient regular expression complexity (CVE-ID: CVE-2023-26116)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation when processing untrusted input with a regular expressions. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.
4) Inefficient regular expression complexity (CVE-ID: CVE-2022-25844)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to angular provides a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.
5) Cross-site scripting (CVE-ID: CVE-2020-7676)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data when wrapping "<option>" elements in "<select>" ones changes parsing behavior. A remote authenticated attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
6) Use-after-free (CVE-ID: CVE-2024-38555)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cmd_comp_notifier() function in drivers/net/ethernet/mellanox/mlx5/core/cmd.c. A local user can escalate privileges on the system.
7) Prototype pollution (CVE-ID: CVE-2024-38999)
The vulnerability allows a remote attacker to execute arbitrary JavaScript code.
The vulnerability exists due to prototype pollution via the function s.contexts._.configure. A remote attacker can pass specially crafted input to the application and perform prototype pollution, which can result in information disclosure or data manipulation.
8) NULL pointer dereference (CVE-ID: CVE-2024-37890)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error when handling requests with the number of headers that exceeds the "server.maxHeadersCount" value. A remote attacker can send a specially crafted request to the application and perform a denial of service (DoS) attack.
9) Uncaught Exception (CVE-ID: CVE-2023-32695)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling. A remote attacker can send a specially crafted Socket.IO packet to the application and perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://stackblitz.com/edit/angularjs-vulnerability-inpur-url-validation-redos
- https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373046
- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406328
- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406327
- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406326
- https://stackblitz.com/edit/angularjs-vulnerability-resource-trailing-slashes-redos
- https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373045
- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406325
- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406323
- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406324
- https://stackblitz.com/edit/angularjs-vulnerability-angular-copy-redos
- https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373044
- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406320
- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406322
- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406321
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2772737
- https://snyk.io/vuln/SNYK-JS-ANGULAR-2772735
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2772736
- https://stackblitz.com/edit/angularjs-material-blank-zvtdvb
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-2772738
- https://security.netapp.com/advisory/ntap-20220629-0009/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2WUSPYOTOMAZPDEFPWPSCSPMNODRDKK3/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7LNAKCNTVBIHWAUT3FKWV5N67PQXSZOO/
- https://github.com/angular/angular.js/pull/17028
- https://github.com/angular/angular.js/pull/17028,
- https://snyk.io/vuln/SNYK-JS-ANGULAR-570058
- https://git.kernel.org/stable/c/f6fbb8535e990f844371086ab2c1221f71f993d3
- https://git.kernel.org/stable/c/3cb92b0ad73d3f1734e812054e698d655e9581b0
- https://git.kernel.org/stable/c/bf8aaf0ae01c27ae3c06aa8610caf91e50393396
- https://git.kernel.org/stable/c/1337ec94bc5a9eed250e33f5f5c89a28a6bfabdb
- https://git.kernel.org/stable/c/1d5dce5e92a70274de67a59e1e674c3267f94cd7
- https://git.kernel.org/stable/c/7ac4c69c34240c6de820492c0a28a0bd1494265a
- https://git.kernel.org/stable/c/db9b31aa9bc56ff0d15b78f7e827d61c4a096e40
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.219
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.161
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.93
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.33
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8.12
- https://gist.github.com/mestrtee/9acae342285bd2998fa09ebcb1e6d30a
- https://github.com/websockets/ws/security/advisories/GHSA-3h5v-q93c-6h6q
- https://github.com/websockets/ws/issues/2230
- https://github.com/websockets/ws/pull/2231
- https://github.com/websockets/ws/commit/22c28763234aa75a7e1b76f5c01c181260d7917f
- https://github.com/websockets/ws/commit/4abd8f6de4b0b65ef80b3ff081989479ed93377e
- https://github.com/websockets/ws/commit/e55e5106f10fcbaac37cfa89759e4cc0d073a52c
- https://github.com/websockets/ws/commit/eeb76d313e2a00dd5247ca3597bba7877d064a63
- https://nodejs.org/api/http.html#servermaxheaderscount
- https://github.com/socketio/socket.io-parser/releases/tag/4.2.3
- https://github.com/socketio/socket.io-parser/commit/3b78117bf6ba7e99d7a5cfc1ba54d0477554a7f3
- https://github.com/socketio/socket.io-parser/commit/2dc3c92622dad113b8676be06f23b1ed46b02ced
- https://github.com/socketio/socket.io-parser/security/advisories/GHSA-cqmj-92xf-r6r9