Multiple vulnerabilities in IBM Cloud Pak for Security



Published: 2022-08-18 | Updated: 2024-06-07
Risk: Critical
Patch available: YES
Number of vulnerabilities: 99
CVE-ID: CVE-2020-36328
CVE-2021-2163
CVE-2020-8927
CVE-2020-8231
CVE-2020-27619
CVE-2016-10228
CVE-2019-3842
CVE-2021-29894
CVE-2020-10543
CVE-2020-10878
CVE-2020-25712
CVE-2018-25011
CVE-2020-15358
CVE-2020-36329
CVE-2021-3177
CVE-2021-2369
CVE-2020-28469
CVE-2021-23364
CVE-2021-20578
CVE-2020-8177
CVE-2020-8622
CVE-2020-8617
CVE-2020-8624
CVE-2020-14347
CVE-2020-27618
CVE-2020-10029
CVE-2021-1825
CVE-2021-20271
CVE-2020-14362
CVE-2020-14361
CVE-2020-14346
CVE-2020-14345
CVE-2020-14344
CVE-2020-13776
CVE-2021-3541
CVE-2021-25214
CVE-2021-22918
CVE-2021-1820
CVE-2021-23336
CVE-2020-8284
CVE-2020-26116
CVE-2020-9983
CVE-2020-9948
CVE-2021-33910
CVE-2021-27218
CVE-2021-3421
CVE-2021-1826
CVE-2020-27783
CVE-2020-26137
CVE-2020-29573
CVE-2020-12049
CVE-2020-29362
CVE-2021-3326
CVE-2021-27290
CVE-2021-27219
CVE-2021-25215
CVE-2021-2388
CVE-2021-23362
CVE-2020-8625
CVE-2020-8286
CVE-2020-8285
CVE-2020-29363
CVE-2020-29361
CVE-2021-3537
CVE-2020-28196
CVE-2020-25692
CVE-2020-25648
CVE-2020-13434
CVE-2019-25013
CVE-2021-3450
CVE-2019-9169
CVE-2021-22543
CVE-2020-24332
CVE-2021-3449
CVE-2017-14502
CVE-2020-1971
CVE-2020-13584
CVE-2020-14363
CVE-2019-2708
CVE-2019-13012
CVE-2021-2341
CVE-2021-2432
CVE-2021-23337
CVE-2021-30661
CVE-2021-1817
CVE-2020-9951
CVE-2020-14360
CVE-2020-13543
CVE-2020-24330
CVE-2019-18276
CVE-2021-3520
CVE-2021-3518
CVE-2021-3517
CVE-2021-20305
CVE-2021-3609
CVE-2021-3516
CVE-2021-22555
CVE-2020-24977
CVE-2020-24331
CWE-ID: CWE-122
CWE-20
CWE-120
CWE-825
CWE-94
CWE-264
CWE-327
CWE-190
CWE-787
CWE-416
CWE-119
CWE-347
CWE-185
CWE-287
CWE-644
CWE-617
CWE-665
CWE-835
CWE-121
CWE-79
CWE-345
CWE-191
CWE-125
CWE-200
CWE-93
CWE-843
CWE-789
CWE-681
CWE-401
CWE-299
CWE-674
CWE-476
CWE-770
CWE-254
CWE-59
CWE-193
CWE-415
CWE-276
CWE-77
CWE-269
CWE-273
CWE-362
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #22 is available.
Public exploit code for vulnerability #44 is available.
Public exploit code for vulnerability #58 is available.
Public exploit code for vulnerability #72 is available.
Public exploit code for vulnerability #74 is available.
Public exploit code for vulnerability #76 is available.
Vulnerability #84 is being exploited in the wild.
Public exploit code for vulnerability #90 is available.
Public exploit code for vulnerability #95 is available.
Vulnerability #97 is being exploited in the wild.
Vulnerable software
Cloud Pak for Security (CP4S)
Client/Desktop applications / Other client software

Vendor: IBM Corporation

Security Bulletin

This security bulletin contains information about 99 vulnerabilities.

1) Heap-based buffer overflow

EUVDB-ID: #VU53843

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-36328

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the WebPDecodeRGBInto function in libwebp. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper input validation

EUVDB-ID: #VU52449

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2163

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The vulnerability exists due to improper input validation within the Libraries component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Buffer overflow

EUVDB-ID: #VU46905

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-8927

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

A buffer overflow exists in Brotli library versions prior to 1.0.8, where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If updating is not possible, use the "streaming" API instead of the "one-shot" API and impose chunk size limits.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Expired pointer dereference

EUVDB-ID: #VU45794

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-8231

CWE-ID: CWE-825 - Expired pointer dereference

Exploit availability: No

Description

The vulnerability allows an attacker to gain access to sensitive information.

The vulnerability exists due to an expired pointer dereference error for CURLOPT_CONNECT_ONLY connections that may lead to information disclosure. If the application uses the CURLOPT_CONNECT_ONLY option to check whether a website is accessible, an attacker might abuse this feature to force the application to re-use an expired connection and send data intended for another connection to an attacker-controlled server.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Code Injection

EUVDB-ID: #VU50621

Risk: Medium

CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-27619

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists because Python executes the eval() function on code retrieved via the HTTP protocol in the Lib/test/multibytecodec_support.py CJK codec tests. A remote attacker with the ability to intercept network traffic can perform a Man-in-the-Middle (MitM) attack and execute arbitrary Python code on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Input validation error

EUVDB-ID: #VU54337

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-10228

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU18153

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-3842

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists because pam_systemd creates a user session using environmental parameters. A local user can spoof an active session and gain additional PolicyKit privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Use of a broken or risky cryptographic algorithm

EUVDB-ID: #VU66613

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-29894

CWE-ID: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to use of a broken or risky cryptographic algorithm. A remote unauthenticated attacker can trigger the vulnerability and decrypt highly sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Integer overflow

EUVDB-ID: #VU29014

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-10543

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an integer overflow in nested regular expression quantifiers. A remote attacker can pass specially crafted data to the application, trigger an integer overflow leading to a heap-based buffer overflow, and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Integer overflow

EUVDB-ID: #VU29015

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-10878

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A remote attacker can use a specially crafted regular expression, trigger integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Heap-based buffer overflow

EUVDB-ID: #VU48759

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-25712

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within XkbSetDeviceInfo functionality. A local user can pass specially crafted data to the application, trigger heap-based buffer overflow and execute arbitrary code on the target system with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Heap-based buffer overflow

EUVDB-ID: #VU53844

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-25011

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the PutLE16() function in libwebp. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Out-of-bounds write

EUVDB-ID: #VU30165

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-15358

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.

In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Use-after-free

EUVDB-ID: #VU53842

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-36329

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a use-after-free error in libwebp. A remote attacker can trick the victim into opening a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Buffer overflow

EUVDB-ID: #VU49973

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-3177

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within PyCArg_repr in _ctypes/callproc.c. A remote attacker can pass specially crafted input to Python applications that accept floating-point numbers as untrusted input, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Improper Verification of Cryptographic Signature

EUVDB-ID: #VU55058

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2369

CWE-ID: CWE-347 - Improper Verification of Cryptographic Signature

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to an error in the JAR validation implementation. A remote attacker can modify a signed JAR file in such a way that it is still considered signed.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Incorrect Regular Expression

EUVDB-ID: #VU52985

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-28469

CWE-ID: CWE-185 - Incorrect Regular Expression

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect handling of user-supplied input in a regular expression. A remote attacker can pass specially crafted input to the application and perform a regular expression denial of service (ReDoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Incorrect Regular Expression

EUVDB-ID: #VU66616

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-23364

CWE-ID: CWE-185 - Incorrect Regular Expression

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation when processing regular expressions. A remote attacker can pass specially crafted data to the application and perform a regular expression denial of service (ReDoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Improper Authentication

EUVDB-ID: #VU66614

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-20578

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass the authentication process.

The vulnerability exists due to an error when processing authentication requests. A remote attacker can bypass the authentication process and gain unauthorized access to the application.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Improper Neutralization of HTTP Headers for Scripting Syntax

EUVDB-ID: #VU29290

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-8177

CWE-ID: CWE-644 - Improper Neutralization of HTTP Headers for Scripting Syntax

Exploit availability: No

Description

The vulnerability allows a remote attacker to overwrite files on the victim's system.

The vulnerability exists due to a logical error when processing the Content-Disposition HTTP response header in curl when it is executed with the -J and -i flags in the same command line. A remote attacker can trick the victim into running a specially crafted curl command against a malicious website and overwrite files on the user's system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Reachable Assertion

EUVDB-ID: #VU45819

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-8622

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion when handling a TSIG-signed request. An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure and causing the server to exit.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Reachable Assertion

EUVDB-ID: #VU28123

Risk: Medium

CVSSv3.1: 7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C]

CVE-ID: CVE-2020-8617

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion when checking validity of messages containing TSIG resource records within tsig.c. A remote attacker can send a specially crafted message and cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.

23) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU45817

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-8624

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote user to perform unauthorized actions.

The vulnerability exists due to change 4885 in BIND inadvertently caused "update-policy" rules of type "subdomain" to be treated as if they were of type "zonesub", allowing updates to all parts of the zone along with the intended subdomain. A remote user with privileges to change a specific subset of the zone's content could abuse these unintended additional privileges to update other contents of the zone.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Improper Initialization

EUVDB-ID: #VU45684

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14347

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local authenticated user to gain access to sensitive information.

A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Infinite loop

EUVDB-ID: #VU50404

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-27618

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the iconv implementation when processing multi-byte input sequences in the IBM1364, IBM1371, IBM1388, IBM1390 and IBM1399 encodings. A remote attacker can pass specially crafted data to the application, consume all available system resources and cause denial of service conditions.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Stack-based buffer overflow

EUVDB-ID: #VU26388

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-10029

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows an attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within "sysdeps/ieee754/ldbl-96/e_rem_pio2l.c" in GNU C Library (aka glibc or libc6). An attacker can pass specially crafted input to the application and trigger a stack-based buffer overflow.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system or denial of service conditions.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Universal cross-site scripting

EUVDB-ID: #VU52643

Risk: Medium

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1825

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Insufficient verification of data authenticity

EUVDB-ID: #VU54477

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-20271

CWE-ID: CWE-345 - Insufficient Verification of Data Authenticity

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to an error in RPM's signature check functionality when reading package files. A remote attacker can create a specially crafted package with a modified signature header, trick the victim into installing it and compromise the affected system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Integer underflow

EUVDB-ID: #VU46031

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14362

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an integer underflow in XRecordRegisterClients(). A local user can send a specially crafted request to the affected application, trigger an integer underflow and execute arbitrary code on the target system with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Integer underflow

EUVDB-ID: #VU46030

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14361

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an integer underflow in XkbSelectEvents(). A local user can send a specially crafted request to the affected application, trigger an integer underflow and execute arbitrary code on the target system with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Integer underflow

EUVDB-ID: #VU46029

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14346

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an integer underflow in XIChangeHierarchy(). A local user can send a specially crafted request to the affected application, trigger an integer underflow and execute arbitrary code on the target system with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Out-of-bounds read

EUVDB-ID: #VU46028

Risk: Low

CVSSv3.1: 2.5 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14345

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in XkbSetNames(). A local user can run a specially crafted program to trigger an out-of-bounds read error and read the contents of memory on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Integer overflow

EUVDB-ID: #VU41865

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14344

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an integer overflow in the X Input Method (XIM) client in libX11. A local user can run a specially crafted program, trigger an integer overflow and execute arbitrary code on the system with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Input validation error

EUVDB-ID: #VU29539

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-13776

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists because systemd mishandles numerical usernames, such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended.
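An audit for the account-name shapes described above, as an added example that is not part of the original advisory or of systemd: it flags accounts whose name reads as a number different from the account's real UID, and unit files whose `User=` setting names such an account. The function names and the sample passwd and unit text are constructed for illustration.

```python
import re

# Name shapes the advisory describes: all decimal digits, or "0x" plus hex digits.
NUMERIC_NAME = re.compile(r"(?:[0-9]+|0[xX][0-9a-fA-F]+)")


def misread_as_uid(name):
    """Return the number a lenient numeric parser would take from `name`, else None."""
    if not NUMERIC_NAME.fullmatch(name):
        return None
    return int(name, 16) if name[:2].lower() == "0x" else int(name, 10)


def parse_passwd(text):
    """Map account name -> UID from passwd(5)-format text, skipping malformed lines."""
    accounts = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        uid_ok = len(fields) == 7 and fields[2].isascii() and fields[2].isdigit()
        if not uid_ok:
            continue
        accounts[fields[0]] = int(fields[2])
    return accounts


def risky_accounts(accounts):
    """List (name, real_uid, misread_uid) for names that parse as a different UID."""
    findings = []
    for name, uid in accounts.items():
        misread = misread_as_uid(name)
        if misread is not None and misread != uid:
            findings.append((name, uid, misread))
    return findings


def risky_unit_users(unit_text, accounts):
    """Return User= values in unit-file text that name a risky account."""
    risky = {name for name, _, _ in risky_accounts(accounts)}
    hits = []
    for line in unit_text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key.strip() == "User" and value.strip() in risky:
            hits.append(value.strip())
    return hits


# Constructed sample data (not taken from any real system).
SAMPLE_PASSWD = """
root:x:0:0:root:/root:/bin/bash
0x0:x:1001:1001:constructed account:/home/0x0:/bin/sh
1000:x:1002:1002:constructed account:/home/1000:/bin/sh
1003:x:1003:1003:constructed account:/home/1003:/bin/sh
alice:x:1000:1000::/home/alice:/bin/bash
"""

SAMPLE_UNIT = """
[Service]
ExecStart=/usr/bin/example
User=0x0
"""

if __name__ == "__main__":
    accounts = parse_passwd(SAMPLE_PASSWD)
    for name, uid, misread in risky_accounts(accounts):
        note = " (root)" if misread == 0 else ""
        print(f"account {name!r}: real UID {uid}, numeric reading {misread}{note}")
    for user in risky_unit_users(SAMPLE_UNIT, accounts):
        print(f"unit file runs as ambiguous account {user!r}")
```

An account whose name equals its own UID (the constructed `1003` entry) is not reported, because both readings resolve to the same identity.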

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Input validation error

EUVDB-ID: #VU53289

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-3541

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Reachable Assertion

EUVDB-ID: #VU52734

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-25214

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion when processing IXFR queries. An IXFR stream containing SOA records with an owner name other than the transferred zone's apex may cause the receiving named server to inadvertently remove the SOA record for the zone in question from the zone database. This leads to an assertion failure when the next SOA refresh query for that zone is made. When a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Out-of-bounds read

EUVDB-ID: #VU54624

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-22918

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in uv__idna_toascii() function in libuv, which is used to convert strings to ASCII. A remote attacker can force the application to resolve a specially crafted hostname, trigger an out-of-bounds read error and gain access to sensitive information or perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Improper Initialization

EUVDB-ID: #VU52673

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1820

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to improper memory initialization in WebKit. A remote attacker can create a specially crafted web page, trick the victim into visiting it and disclose contents of process memory.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Input validation error

EUVDB-ID: #VU50814

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-23336

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a web cache spoofing attack.

The vulnerability exists due to insufficient validation of user-supplied input in django.utils.http.limited_parse_qsl() when parsing strings with a semicolon (";"). A remote attacker can pass specially crafted data to the application and perform a spoofing attack.
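A detection sketch for the semicolon handling described above, as an added example that is not Django's code or part of the original advisory: it parses each query string twice, once splitting only on "&" and once on both "&" and ";", and reports the parameters the two readings disagree on, which is the condition under which a cache and the application behind it can see different requests. The parser, function names and request targets are constructed for illustration.

```python
from urllib.parse import unquote_plus, urlsplit


def parse_query(query, separators):
    """Split `query` on every character in `separators`, then percent-decode pairs."""
    chunks = [query]
    for sep in separators:
        chunks = [part for chunk in chunks for part in chunk.split(sep)]
    params = {}
    for chunk in chunks:
        if not chunk:
            continue
        name, _, value = chunk.partition("=")
        params.setdefault(unquote_plus(name), []).append(unquote_plus(value))
    return params


def separator_disagreement(query):
    """Parameter names whose values differ between '&'-only and '&'-or-';' parsing."""
    strict = parse_query(query, "&")
    lenient = parse_query(query, "&;")
    names = set(strict) | set(lenient)
    return sorted(n for n in names if strict.get(n) != lenient.get(n))


def flag_requests(request_targets):
    """Return (target, disagreeing_names) for every target that parses ambiguously."""
    flagged = []
    for target in request_targets:
        names = separator_disagreement(urlsplit(target).query)
        if names:
            flagged.append((target, names))
    return flagged


# Constructed request targets, as they might appear in an access log.
SAMPLE_TARGETS = [
    "/search?q=report&page=2",                 # plain: both parsers agree
    "/search?q=report&utm_content=1;q=other",  # raw ';' changes what "q" means
    "/search?q=a%3Bb",                         # encoded ';' is data, not a separator
    "/search?a=1;b=2",                         # ';' used as the only separator
]

if __name__ == "__main__":
    for target, names in flag_requests(SAMPLE_TARGETS):
        print(f"ambiguous: {target} -> parameters {names}")
```

A percent-encoded semicolon (`%3B`) is not flagged, because splitting happens before decoding and both parsers then see the same value.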

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Information disclosure

EUVDB-ID: #VU48893

Risk: Medium

CVSSv3.1: 4.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-8284

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the way cURL handles PASV responses. A remote attacker with control over a malicious FTP server can use the PASV response to trick curl into connecting back to a given IP address and port, and in this way potentially make curl extract information about services that are otherwise private and not disclosed, for example by port scanning and service banner extraction.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) CRLF injection

EUVDB-ID: #VU48592

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-26116

CWE-ID: CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to inject arbitrary data into the server response.

The vulnerability exists due to insufficient validation of attacker-supplied data in "http.client". A remote attacker can pass specially crafted data to the application containing CR-LF characters and modify application behavior.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Out-of-bounds write

EUVDB-ID: #VU46804

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9983

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in the WebKit component in Apple Safari. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger an out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Type Confusion

EUVDB-ID: #VU46801

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9948

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error in the WebKit component in Apple Safari. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Uncontrolled Memory Allocation

EUVDB-ID: #VU55034

Risk: Low

CVSSv3.1: 5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2021-33910

CWE-ID: CWE-789 - Uncontrolled Memory Allocation

Exploit availability: Yes

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to stack exhaustion within basic/unit-name.c in systemd. A local user can crash systemd (PID 1) and cause a kernel panic.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

45) Incorrect Conversion between Numeric Types

EUVDB-ID: #VU51455

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-27218

CWE-ID: CWE-681 - Incorrect Conversion between Numeric Types

Exploit availability: No

Description

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to incorrect conversion between numeric types in GNOME GLib. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Improper Verification of Cryptographic Signature

EUVDB-ID: #VU54479

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-3421

CWE-ID: CWE-347 - Improper Verification of Cryptographic Signature

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to insufficient signature validation in the read functionality in the RPM package. A remote attacker can trick the victim into installing a seemingly verifiable package and cause RPM database corruption.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Universal cross-site scripting

EUVDB-ID: #VU52672

Risk: Medium

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1826

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data within WebKit. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Cross-site scripting

EUVDB-ID: #VU48793

Risk: Medium

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-27783

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data within the lxml Python clean module. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) CRLF injection

EUVDB-ID: #VU47403

Risk: Medium

CVSSv3.1: 4.4 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-26137

CWE-ID: CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to inject arbitrary data into the server response.

The vulnerability exists due to insufficient validation of attacker-supplied data passed via the "method" parameter. A remote authenticated attacker can pass specially crafted data to the application containing CR-LF characters and modify application behavior.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Out-of-bounds write

EUVDB-ID: #VU50362

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-29573

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within sysdeps/i386/ldbl2mpn.c in the GNU C Library on x86 systems. A remote attacker can pass specially crafted data to the application that uses the vulnerable version of glibc and crash it.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Memory leak

EUVDB-ID: #VU29105

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-12049

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack on the target system.

The vulnerability exists due to a memory leak in libdbus when a message exceeds the per-message file descriptor limit. A local user with access to the D-Bus system bus or another system service's private AF_UNIX socket can make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Buffer overflow

EUVDB-ID: #VU48945

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-29362

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an unspecified boundary error related to the processing of RPC requests. A remote attacker can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Reachable Assertion

EUVDB-ID: #VU50075

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-3326

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion within the iconv function in the GNU C Library (aka glibc or libc6) when processing invalid input sequences in the ISO-2022-JP-3 encoding. A remote attacker can pass specially crafted data to the application, trigger an assertion failure and crash the affected application.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Incorrect Regular Expression

EUVDB-ID: #VU52194

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-27290

CWE-ID: CWE-185 - Incorrect Regular Expression

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect processing of SRIs. A remote attacker can pass specially crafted input to the application and perform a regular expression denial of service (ReDoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Integer overflow

EUVDB-ID: #VU51456

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-27219

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to integer overflow within the g_bytes_new() function on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. A local user can run a specially crafted program to trigger an integer overflow and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Reachable Assertion

EUVDB-ID: #VU52736

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-25215

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion when processing DNAME records. A remote attacker can force named to add the same RRset to the ANSWER section more than once, trigger an assertion failure and crash the service. Both authoritative and recursive servers are affected by this issue during zone transfers.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Improper input validation

EUVDB-ID: #VU55057

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2388

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Incorrect Regular Expression

EUVDB-ID: #VU61255

Risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]

CVE-ID: CVE-2021-23362

CWE-ID: CWE-185 - Incorrect Regular Expression

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation when processing the regular expression "shortcutMatch" in the "fromUrl" function. A remote attacker can pass specially crafted data to the application and perform a regular expression denial of service (ReDoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

59) Buffer overflow

EUVDB-ID: #VU50780

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-8625

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the SPNEGO implementation in the GSS-TSIG extension. A remote attacker can send a specially crafted DNS request to the server, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Improper Check for Certificate Revocation

EUVDB-ID: #VU48895

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-8286

CWE-ID: CWE-299 - Improper Check for Certificate Revocation

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to incorrectly implemented checks for OCSP stapling. A remote attacker can provide a fraudulent OCSP response that would appear fine, instead of the real one.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Uncontrolled Recursion

EUVDB-ID: #VU48894

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-8285

CWE-ID: CWE-674 - Uncontrolled Recursion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to uncontrolled recursion when processing FTP responses within the wildcard matching functionality, which allows a callback (set with CURLOPT_CHUNK_BGN_FUNCTION) to return information back to libcurl on how to handle a specific entry in a directory when libcurl iterates over a list of all available entries. A remote attacker who controls a malicious FTP server can trick the victim into connecting to it and crash the application that is using the affected libcurl version.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Buffer overflow

EUVDB-ID: #VU48946

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-29363

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an unspecified boundary error related to the processing of RPC requests. A remote attacker can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Buffer overflow

EUVDB-ID: #VU48944

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-29361

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an unspecified boundary error related to the processing of RPC requests. A remote attacker can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) NULL pointer dereference

EUVDB-ID: #VU54223

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-3537

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Uncontrolled Recursion

EUVDB-ID: #VU48444

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-28196

CWE-ID: CWE-674 - Uncontrolled Recursion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to uncontrolled recursion in MIT Kerberos 5 (aka krb5) implementation when processing ASN.1-encoded Kerberos messages in lib/krb5/asn.1/asn1_encode.c. A remote attacker can pass specially crafted data to the application that uses Kerberos and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) NULL pointer dereference

EUVDB-ID: #VU48143

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-25692

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in slapd normalization handling with modrdn. A remote non-authenticated attacker can send a specially crafted packet to the slapd daemon and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Allocation of Resources Without Limits or Throttling

EUVDB-ID: #VU47910

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-25648

CWE-ID: CWE-770 - Allocation of Resources Without Limits or Throttling

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Integer overflow

EUVDB-ID: #VU28227

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-13434

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow within the sqlite3_str_vappendf() function in printf.c. A remote attacker can pass specially crafted data to the application, trigger integer overflow and crash the application.


Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Out-of-bounds read

EUVDB-ID: #VU50329

Risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-25013

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in the GNU C Library within the iconv feature when processing multi-byte input sequences in the EUC-KR encoding. A remote attacker can pass specially crafted input to the application, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) Security features bypass

EUVDB-ID: #VU51732

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-3450

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to an error in the implementation of the X509_V_FLAG_X509_STRICT flag, which allows an attacker to overwrite a valid CA certificate using any non-CA certificate in the chain. As a result, a remote attacker can perform a MitM attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) Out-of-bounds read

EUVDB-ID: #VU17859

Risk: Medium

CVSSv3.1: 6.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-9169

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack or gain access to sensitive information.

The vulnerability exists due to heap-based buffer over-read via an attempted case-insensitive regular-expression match. A remote attacker can perform a denial of service attack or gain access to sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) Buffer overflow

EUVDB-ID: #VU56018

Risk: Low

CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2021-22543

CWE-ID: CWE-119 - Memory corruption

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the Linux kernel when handling VM_IO|VM_PFNMAP vmas in KVM. A local user can bypass RO checks and cause the pages to get freed while still accessible by the VMM and guest. As a result, an attacker with the ability to start and control a VM can read/write random pages of memory, trigger memory corruption and execute arbitrary code with elevated privileges.


Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

73) Link following

EUVDB-ID: #VU66611

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-24332

CWE-ID: CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service attack.

The vulnerability exists because creation of the system.data file is prone to symlink attacks if the tcsd daemon is started with root privileges. A local user can create or corrupt existing files, which could possibly lead to a DoS attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) NULL pointer dereference

EUVDB-ID: #VU51733

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2021-3449

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error when processing TLSv1.2 renegotiations. A remote attacker can send a maliciously crafted renegotiation ClientHello message, which omits the signature_algorithms extension but includes a signature_algorithms_cert extension, trigger a NULL pointer dereference error and crash the server.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

75) Off-by-one

EUVDB-ID: #VU15954

Risk: Low

CVSSv3.1: 3.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-14502

CWE-ID: CWE-193 - Off-by-one Error

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The vulnerability exists due to an off-by-one error for UTF-16 names in RAR archives. A remote attacker can trigger an out-of-bounds read in archive_read_format_rar_read_header and cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) NULL pointer dereference

EUVDB-ID: #VU48896

Risk: Medium

CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2020-1971

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via the API functions TS_RESP_verify_response and TS_RESP_verify_token. If an attacker can control both items being compared, then that attacker could trigger a crash. For example, if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL, then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option, which implements automatic CRL downloading, and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However, it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

77) Use-after-free

EUVDB-ID: #VU48617

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-13584

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a use-after-free error when processing HTML content. A remote attacker can trick the victim into visiting a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

78) Double Free

EUVDB-ID: #VU46027

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14363

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when handling locales in LibX11. A local user can run a specially crafted program to trigger an integer overflow and a double free, and execute arbitrary code on the system with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

79) Incorrect default permissions

EUVDB-ID: #VU54338

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-2708

CWE-ID: CWE-276 - Incorrect Default Permissions

Exploit availability: No

Description

The vulnerability allows a local user to crash the service.

The vulnerability exists due to incorrect default permissions for files and folders that are set by the application. A local user with access to the system can cause a denial of service attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

80) Incorrect default permissions

EUVDB-ID: #VU18944

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-13012

CWE-ID: CWE-276 - Incorrect Default Permissions

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect default permissions for files and folders that are set by the application. A local user with access to the system can view contents of files and directories or modify them.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

81) Improper input validation

EUVDB-ID: #VU55060

Risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2341

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Networking component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

82) Improper input validation

EUVDB-ID: #VU55059

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2432

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The vulnerability exists due to improper input validation within the JNDI component in Java SE. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

83) Command Injection

EUVDB-ID: #VU53202

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-23337

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary commands on the system.

The vulnerability exists due to improper input validation when processing templates. A remote privileged user can inject and execute arbitrary commands on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

84) Use-after-free

EUVDB-ID: #VU52652

Risk: Critical

CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2021-30661

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a use-after-free error when processing web content within the WebKit Storage component. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

85) Buffer overflow

EUVDB-ID: #VU52674

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1817

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing web content in WebKit. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

86) Use-after-free

EUVDB-ID: #VU46802

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9951

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a use-after-free error within the aboutBlankURL() function in the WebKit component in Apple Safari. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

87) Out-of-bounds read

EUVDB-ID: #VU48758

Risk: Low

CVSSv3.1: 3.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14360

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when processing XkbSetMap requests. A local user can trigger an out-of-bounds read error and read contents of memory on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

88) Use-after-free

EUVDB-ID: #VU48720

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-13543

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a use-after-free error when processing HTML content. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

89) Improper Privilege Management

EUVDB-ID: #VU66471

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-24330

CWE-ID: CWE-269 - Improper Privilege Management

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges.

The vulnerability exists because the tcsd daemon is started with root privileges instead of as the tss user and fails to drop them after a successful start. A local user can abuse this behavior and escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

90) Improper Check for Dropped Privileges

EUVDB-ID: #VU24690

Risk: Low

CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-18276

CWE-ID: CWE-273 - Improper Check for Dropped Privileges

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists in the "disable_priv_mode()" function in shell.c because the affected software attempts to drop privileges but does not check, or incorrectly checks, whether the drop succeeded. A local user with command execution in the shell can use "enable -f" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

91) Integer overflow

EUVDB-ID: #VU53439

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-3520

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an integer overflow in the fast LZ compression algorithm library. A remote attacker can pass a specially crafted archive, trick the victim into opening it, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

92) Use-after-free

EUVDB-ID: #VU54225

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-3518

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a use-after-free error in libxml2. A remote attacker can use a specially crafted file and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

93) Out-of-bounds write

EUVDB-ID: #VU54224

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-3517

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in the XML entity encoding functionality. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

94) Use of a broken or risky cryptographic algorithm

EUVDB-ID: #VU52195

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-20305

CWE-ID: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA and ECDSA) result in the Elliptic Curve Cryptography (ECC) point multiply function being called with out-of-range scalars, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

95) Race condition

EUVDB-ID: #VU54292

Risk: Medium

CVSSv3.1: 7.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2021-3609

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition in the CAN BCM networking protocol (net/can/bcm.c) in the Linux kernel ranging from version 2.6.25 to mainline 5.13-rc6. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

96) Use-after-free

EUVDB-ID: #VU54222

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-3516

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a use-after-free error in xmllint. A remote attacker can use a specially crafted file to execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

97) Out-of-bounds write

EUVDB-ID: #VU56017

Risk: Low

CVSSv3.1: 7.5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2021-22555

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when processing untrusted input in net/netfilter/x_tables.c in the Linux kernel. A local user can run a specially crafted program to trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

98) Out-of-bounds read

EUVDB-ID: #VU46737

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-24977

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the xmlEncodeEntitiesInternal() function in libxml2/entities.c in libxml2. A remote attacker can pass specially crafted XML data to the affected application, trigger an out-of-bounds read error and read contents of memory on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

99) Improper Privilege Management

EUVDB-ID: #VU66612

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-24331

CWE-ID: CWE-269 - Improper Privilege Management

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper privilege management if the tcsd daemon is started with root privileges. A local user can get read and write access to the /etc/tcsd.conf file and escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


