SB2020120117 - Multiple vulnerabilities in IBM Cloud Pak for Security
Published: December 1, 2020
Breakdown by Severity (Low / Medium / High / Critical; per-severity counts not preserved in this copy)
Description
This security bulletin contains information about 5 security vulnerabilities.
1) Information disclosure (CVE-ID: CVE-2020-4626)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote authenticated attacker can send a specially crafted HTTP request and gain unauthorized access to sensitive information on the system.
2) CSV Injection (CVE-ID: CVE-2020-4627)
The vulnerability allows a remote attacker to inject arbitrary code into CSV files.
The vulnerability exists due to improper input validation. A remote attacker can inject arbitrary code into a CSV file.
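The usual defence for the CSV injection item above is to neutralize any exported cell that begins with a character a spreadsheet treats as the start of a formula. The following is an added illustration written for this page, not code from the bulletin or from IBM; the sample rows are constructed and the function names are assumptions.

```python
import csv
import io

# Leading characters that Excel, LibreOffice and Google Sheets interpret as
# "this cell is a formula" rather than literal text.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def is_formula_cell(value):
    """True if a string cell would be evaluated as a formula by a spreadsheet."""
    if not isinstance(value, str):
        return False
    return bool(value) and value[0] in FORMULA_TRIGGERS


def neutralize_cell(value):
    """Return a value that a spreadsheet will render as literal text.

    Genuine numbers (int/float) are passed through unchanged so that a negative
    score like -5 is not turned into the text "'-5". Strings that start with a
    formula trigger get a leading single quote, which spreadsheets treat as a
    "render the rest as text" marker. Double quotes and separators inside the
    cell are handled by the csv writer's quoting, not here.
    """
    if isinstance(value, (int, float)):
        return value
    text = "" if value is None else str(value)
    if is_formula_cell(text):
        return "'" + text
    return text


def export_rows_to_csv(rows):
    """Serialize rows (lists of cells) to CSV with every cell neutralized.

    QUOTE_ALL wraps each field in double quotes, so a cell containing a comma,
    newline or quote cannot break the row structure either.
    """
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for row in rows:
        writer.writerow([neutralize_cell(cell) for cell in row])
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample: a user-controlled display name that starts with "="
    # and a legitimate negative number that must stay numeric.
    sample = [["name", "score"], ["=1+1", -5], ["alice", 7]]
    print(export_rows_to_csv(sample))
```

The check is applied at export time rather than at input time: the same string is harmless in a web page and only becomes a problem once it lands in a file a spreadsheet will open, so the export boundary is where the transformation belongs.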
3) Information disclosure (CVE-ID: CVE-2020-4625)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the failure to set the HTTPOnly flag. A remote attacker can gain unauthorized access to sensitive information on the system.
4) Use of a broken or risky cryptographic algorithm (CVE-ID: CVE-2020-4624)
The vulnerability allows a remote attacker to gain access to sensitive information on the target system.
The vulnerability exists because the affected software uses weaker than expected cryptographic algorithms during negotiation. A remote attacker can decrypt sensitive information.
5) Session Fixation (CVE-ID: CVE-2020-4696)
The vulnerability allows a remote attacker to gain access to sensitive information in the system.
The vulnerability exists due to a session invalidation issue. A remote attacker can obtain sensitive information from the previous session.
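Items 3 and 5 above are both session-cookie hygiene problems: a cookie issued without HttpOnly is readable by script in the page, and a session identifier that survives authentication can be reused from the previous, unauthenticated session. The block below is an added example for this page (not bulletin or IBM code) showing the defender-side checks for both: an audit of Set-Cookie header values for the HttpOnly and Secure flags, and a minimal session store that rotates the identifier on login and invalidates the old one. The header strings are constructed samples and all names are assumptions.

```python
import secrets
from http.cookies import SimpleCookie


def audit_set_cookie(header_value):
    """Report which protective flags each cookie in a Set-Cookie value lacks.

    Returns {cookie_name: [missing_flag, ...]}; an empty list means the cookie
    carries both HttpOnly and Secure. SimpleCookie records flag attributes as
    True when present and "" when absent.
    """
    cookie = SimpleCookie()
    cookie.load(header_value)
    findings = {}
    for name, morsel in cookie.items():
        missing = []
        if not morsel["httponly"]:
            missing.append("HttpOnly")
        if not morsel["secure"]:
            missing.append("Secure")
        findings[name] = missing
    return findings


def harden_set_cookie(name, value):
    """Build a Set-Cookie header value with the flags the audit expects."""
    return f"{name}={value}; Path=/; Secure; HttpOnly; SameSite=Lax"


class SessionStore:
    """In-memory session table that rotates the identifier at login."""

    def __init__(self):
        self._sessions = {}

    def create(self):
        """Anonymous session handed out before authentication."""
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None}
        return sid

    def login(self, sid, user):
        """Authenticate and issue a fresh identifier.

        The pre-login id is removed from the table, so anything that learned it
        before authentication cannot use it afterwards. Any per-session state
        (cart contents, CSRF token, etc.) is carried across to the new id.
        """
        data = self._sessions.pop(sid, {"user": None})
        data["user"] = user
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = data
        return new_sid

    def logout(self, sid):
        """Server-side invalidation; clearing the cookie alone is not enough."""
        self._sessions.pop(sid, None)

    def is_valid(self, sid):
        return sid in self._sessions

    def user_for(self, sid):
        return self._sessions.get(sid, {}).get("user")


if __name__ == "__main__":
    # Constructed headers: one missing both flags, one hardened.
    print(audit_set_cookie("sessionid=abc123; Path=/"))
    print(audit_set_cookie(harden_set_cookie("sessionid", "abc123")))

    store = SessionStore()
    anon = store.create()
    authed = store.login(anon, "alice")
    print(anon != authed, store.is_valid(anon), store.user_for(authed))
```

The audit function is the piece worth wiring into an integration test or a response-header check in a proxy: run it over every Set-Cookie the application emits and fail the build when a session cookie comes back with a non-empty findings list.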
Remediation
Install update from vendor's website.
References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/185362
- https://www.ibm.com/support/pages/node/6372534
- https://exchange.xforce.ibmcloud.com/vulnerabilities/185367
- https://www.ibm.com/support/pages/node/6372538
- https://exchange.xforce.ibmcloud.com/vulnerabilities/185360
- https://www.ibm.com/support/pages/node/6372536
- https://exchange.xforce.ibmcloud.com/vulnerabilities/185359
- https://www.ibm.com/support/pages/node/6372532
- https://exchange.xforce.ibmcloud.com/vulnerabilities/186789