SB20250716102 - Multiple vulnerabilities in IBM Netezza Analytics - NPS

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB20250716102

SB20250716102 - Multiple vulnerabilities in IBM Netezza Analytics - NPS

Published: July 16, 2025

Security Bulletin ID SB20250716102
Severity
High
Patch available
YES
Number of vulnerabilities 11
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 27% Medium 36% Low 36%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 11 secuirty vulnerabilities.


1) Code Injection (CVE-ID: CVE-2024-6345)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation when processing URL in the package_index module of pypa/setuptools. A remote attacker can send a specially crafted request and execute arbitrary code on the target system via download functions.


2) Incorrect Regular Expression (CVE-ID: CVE-2022-40897)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation when processing HTML content. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.


3) Buffer overflow (CVE-ID: CVE-2013-7459)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py.


4) Information disclosure (CVE-ID: CVE-2018-6594)

The vulnerability allows a remote unauthenticated attacker to obtain potentially sensitive information on the target system.

The weakness exists in the ElGamal implementation in PyCrypto due to generation of weak ElGamal key parameters by the source code in the lib/Crypto/PublicKey/ElGamal.py file. A remote attacker can gain access to potentially sensitive information.

5) Data Handling (CVE-ID: CVE-2018-20225)

The vulnerability allows a remote attacker to compromise the affected system.

The issue exists due to the way pip handles software versioning during installation with --extra-index-url option enabled, which results in the version with the highest version number to be installed, even if the user had intended to obtain a private package from a private index. A remote attacker compromise the repository and force installation of a malicious package.


6) Path traversal (CVE-ID: CVE-2019-20916)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences passed via URL to the install command within the _download_http_url() function in _internal/download.py. A remote attacker can send a specially crafted HTTP request with the Content-Disposition header that contains directory traversal characters in the filename and overwrite the /root/.ssh/authorized_keys file.


7) Command Injection (CVE-ID: CVE-2023-5752)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper input validation when installing a package from a Mercurial VCS URL (ie "pip install hg+...") with pip. A remote attacker who controls the repository can use the specified Mercurial revision to inject arbitrary configuration options to the "hg clone" call (ie "--config").


8) Improper access control (CVE-ID: CVE-2018-1000805)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper access control in SSH server. A remote unauthenticated attacker can bypass access controls via unspecified vectors and execute arbitrary code.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


9) Authentication bypass (CVE-ID: CVE-2018-7750)

The vulnerability allows a remote unauthenticated attacker to bypass authentication.

The weakness exists is due to improper security restrictions. A remote attacker can use a customized SSH client, bypass authentication and gain unauthorized access to resources on the target systemю

10) Race condition (CVE-ID: CVE-2022-24302)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a race condition in the write_private_key_file() function between creation and chmod operations. A local user can exploit the race and gain unauthorized access to sensitive information.


11) Inadequate encryption strength (CVE-ID: CVE-2023-48795)

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to incorrect implementation of the SSH Binary Packet Protocol (BPP), which mishandles the handshake phase and the use of sequence numbers. A remote attacker can perform MitM attack and delete the SSH2_MSG_EXT_INFO message sent before authentication starts, allowing the attacker to disable a subset of the keystroke timing obfuscation features introduced in OpenSSH 9.5.

The vulnerability was dubbed "Terrapin attack" and it affects both client and server implementations.


Remediation

Install update from vendor's website.

References