Multiple vulnerabilities in IBM Cloud Pak for Security
| Risk | Critical |
| Patch available | YES |
| Number of vulnerabilities | 99 |
| CVE-ID | CVE-2020-36328 CVE-2021-2163 CVE-2020-8927 CVE-2020-8231 CVE-2020-27619 CVE-2016-10228 CVE-2019-3842 CVE-2021-29894 CVE-2020-10543 CVE-2020-10878 CVE-2020-25712 CVE-2018-25011 CVE-2020-15358 CVE-2020-36329 CVE-2021-3177 CVE-2021-2369 CVE-2020-28469 CVE-2021-23364 CVE-2021-20578 CVE-2020-8177 CVE-2020-8622 CVE-2020-8617 CVE-2020-8624 CVE-2020-14347 CVE-2020-27618 CVE-2020-10029 CVE-2021-1825 CVE-2021-20271 CVE-2020-14362 CVE-2020-14361 CVE-2020-14346 CVE-2020-14345 CVE-2020-14344 CVE-2020-13776 CVE-2021-3541 CVE-2021-25214 CVE-2021-22918 CVE-2021-1820 CVE-2021-23336 CVE-2020-8284 CVE-2020-26116 CVE-2020-9983 CVE-2020-9948 CVE-2021-33910 CVE-2021-27218 CVE-2021-3421 CVE-2021-1826 CVE-2020-27783 CVE-2020-26137 CVE-2020-29573 CVE-2020-12049 CVE-2020-29362 CVE-2021-3326 CVE-2021-27290 CVE-2021-27219 CVE-2021-25215 CVE-2021-2388 CVE-2021-23362 CVE-2020-8625 CVE-2020-8286 CVE-2020-8285 CVE-2020-29363 CVE-2020-29361 CVE-2021-3537 CVE-2020-28196 CVE-2020-25692 CVE-2020-25648 CVE-2020-13434 CVE-2019-25013 CVE-2021-3450 CVE-2019-9169 CVE-2021-22543 CVE-2020-24332 CVE-2021-3449 CVE-2017-14502 CVE-2020-1971 CVE-2020-13584 CVE-2020-14363 CVE-2019-2708 CVE-2019-13012 CVE-2021-2341 CVE-2021-2432 CVE-2021-23337 CVE-2021-30661 CVE-2021-1817 CVE-2020-9951 CVE-2020-14360 CVE-2020-13543 CVE-2020-24330 CVE-2019-18276 CVE-2021-3520 CVE-2021-3518 CVE-2021-3517 CVE-2021-20305 CVE-2021-3609 CVE-2021-3516 CVE-2021-22555 CVE-2020-24977 CVE-2020-24331 |
| CWE-ID | CWE-122 CWE-20 CWE-120 CWE-825 CWE-94 CWE-264 CWE-327 CWE-190 CWE-787 CWE-416 CWE-119 CWE-347 CWE-185 CWE-287 CWE-644 CWE-617 CWE-665 CWE-835 CWE-121 CWE-79 CWE-345 CWE-191 CWE-125 CWE-200 CWE-93 CWE-843 CWE-789 CWE-681 CWE-401 CWE-299 CWE-674 CWE-476 CWE-770 CWE-254 CWE-59 CWE-193 CWE-415 CWE-276 CWE-77 CWE-269 CWE-273 CWE-362 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #22 is available. Public exploit code for vulnerability #44 is available. Public exploit code for vulnerability #58 is available. Public exploit code for vulnerability #72 is available. Public exploit code for vulnerability #74 is available. Public exploit code for vulnerability #76 is available. Vulnerability #84 is being exploited in the wild. Public exploit code for vulnerability #90 is available. Public exploit code for vulnerability #95 is available. Vulnerability #97 is being exploited in the wild. |
| Vulnerable software Subscribe |
Cloud Pak for Security (CP4S) Client/Desktop applications / Other client software |
| Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 99 vulnerabilities.
1) Heap-based buffer overflow
EUVDB-ID: #VU53843
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-36328
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in WebPDecodeRGBInto function in libwebp. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper input validation
EUVDB-ID: #VU52449
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-2163
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to manipulate data.
The vulnerability exists due to improper input validation within the Libraries component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Buffer overflow
EUVDB-ID: #VU46905
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-8927
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Expired pointer dereference
EUVDB-ID: #VU45794
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-8231
CWE-ID:
CWE-825 - Expired pointer dereference
Exploit availability: No
DescriptionThe vulnerability allows an attacker to gain access to sensitive information.
The vulnerability exists due to expired pointer dereference error for CURLOPT_CONNECT_ONLY connections that may lead to information disclosure. If the application is using the CURLOPT_CONNECT_ONLY option to check if the website is accessible, an attacker might abuse this feature and force the application to re-use expired connection and send data intended to another connection to attacker controlled server.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Code Injection
EUVDB-ID: #VU50621
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-27619
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to Python executed eval() function on the code, retrieved via HTTP protocol in Lib/test/multibytecodec_support.py CJK codec tests. A remote attacker with ability to intercept network traffic can perform a Man-in-the-Middle (MitM) attack and execute arbitrary Python code on the system.
Install update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Input validation error
EUVDB-ID: #VU54337
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-10228
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU18153
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-3842
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to pam_systemd creates a user session using environmental parameters. A local user can spoof an active session and gain additional PolicyKit privileges.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Use of a broken or risky cryptographic algorithm
EUVDB-ID: #VU66613
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-29894
CWE-ID:
CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to use of a broken or risky cryptographic algorithm. A remote unauthenticated attacker can trigger the vulnerability and decrypt highly sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Integer overflow
EUVDB-ID: #VU29014
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-10543
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in nested regular expression quantifiers. A remote attacker can pass specially crafted data to the application, trigger integer overflow, leading to heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Integer overflow
EUVDB-ID: #VU29015
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-10878
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A remote attacker can use a specially crafted regular expression, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Heap-based buffer overflow
EUVDB-ID: #VU48759
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-25712
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within XkbSetDeviceInfo functionality. A local user can pass specially crafted data to the application, trigger heap-based buffer overflow and execute arbitrary code on the target system with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Heap-based buffer overflow
EUVDB-ID: #VU53844
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-25011
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in PutLE16() function in libwebp. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Out-of-bounds write
EUVDB-ID: #VU30165
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-15358
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.
In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Use-after-free
EUVDB-ID: #VU53842
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-36329
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in libwebp. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Buffer overflow
EUVDB-ID: #VU49973
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-3177
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary within the PyCArg_repr in _ctypes/callproc.c. A remote attacker can pass specially crafted input to the Python applications that accept floating-point numbers as untrusted input, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Improper Verification of Cryptographic Signature
EUVDB-ID: #VU55058
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-2369
CWE-ID:
CWE-347 - Improper Verification of Cryptographic Signature
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to an error in JAR validation implementation. A remote attacker can modify the signed JAR file in a way it will be considered as signed.
Install update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Incorrect Regular Expression
EUVDB-ID: #VU52985
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-28469
CWE-ID:
CWE-185 - Incorrect Regular Expression
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect handling of user-supplied input in regular expression. A remote attacker can pass specially crafted input to the application and perform regular expression denial of service (ReDoS) attack.
Install update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Incorrect Regular Expression
EUVDB-ID: #VU66616
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-23364
CWE-ID:
CWE-185 - Incorrect Regular Expression
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation when processing regular expressions. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.
Install update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Improper Authentication
EUVDB-ID: #VU66614
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-20578
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error in when processing authentication requests. A remote attacker can bypass authentication process and gain unauthorized access to the application.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Improper Neutralization of HTTP Headers for Scripting Syntax
EUVDB-ID: #VU29290
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-8177
CWE-ID:
CWE-644 - Improper Neutralization of HTTP Headers for Scripting Syntax
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to overwrite files on the victim's system.
The vulnerability exists due to a logical error when processing Content-Disposition: HTTP response header in curl when executed with the -J flag and -i flags in the same command line. A remote attacker can trick the victim to run a specially crafted curl command against a malicious website and overwrite files on the user's system.
Install update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Reachable Assertion
EUVDB-ID: #VU45819
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-8622
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion when handling TSIG-signed request. An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Reachable Assertion
EUVDB-ID: #VU28123
Risk: Medium
CVSSv3.1: 7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C]
CVE-ID: CVE-2020-8617
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion when checking validity of messages containing TSIG resource records within tsig.c. A remote attacker can send a specially crafted message and cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
23) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU45817
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-8624
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform unauthorized actions.
The vulnerability exists due to change 4885 in BIND inadvertently caused "update-policy" rules of type "subdomain" to be treated as if they were of type "zonesub", allowing updates to all parts of the zone along with the intended subdomain. A remote user with privileges to change a specific subset of the zone's content could abuse these unintended additional privileges to update other contents of the zone.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Improper Initialization
EUVDB-ID: #VU45684
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-14347
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to gain access to sensitive information.
A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Infinite loop
EUVDB-ID: #VU50404
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-27618
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within iconv implementation when processing multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, IBM1399 encodings. A remote attacker can pass specially crafted data to the application, consume all available system resources and cause denial of service conditions.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Stack-based buffer overflow
EUVDB-ID: #VU26388
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-10029
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows an attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within "sysdeps/ieee754/ldbl-96/e_rem_pio2l.c" in GNU C Library (aka glibc or libc6). An attacker can pas specially crafted input to the application and trigger a stack-based buffer overflow.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system or denial of service conditions.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Universal cross-site scripting
EUVDB-ID: #VU52643
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1825
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Insufficient verification of data authenticity
EUVDB-ID: #VU54477
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-20271
CWE-ID:
CWE-345 - Insufficient Verification of Data Authenticity
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to an error in RPM's signature check functionality when reading package files. A remote attacker can create a specially crafted package with a modified signature header, trick the victim into installing and compromise the affected system.
Install update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Integer underflow
EUVDB-ID: #VU46031
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-14362
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to integer underflow in the XRecordRegisterClients(). A local user can send a specially crafted request to the affected application, trigger integer underflow and execute arbitrary code on the target system with elevated privileges.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Integer underflow
EUVDB-ID: #VU46030
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-14361
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to integer underflow in the XkbSelectEvents(). A local user can send a specially crafted request to the affected application, trigger integer underflow and execute arbitrary code on the target system with elevated privileges.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Integer underflow
EUVDB-ID: #VU46029
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-14346
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to integer underflow in the XIChangeHierarchy(). A local user can send a specially crafted request to the affected application, trigger integer underflow and execute arbitrary code on the target system with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Out-of-bounds read
EUVDB-ID: #VU46028
Risk: Low
CVSSv3.1: 2.5 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-14345
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in XkbSetNames(). A local user can run a specially crafted program to trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Integer overflow
EUVDB-ID: #VU41865
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-14344
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to integer overflow in the X Input Method (XIM) client in libX11. A local user can run a specially crafted program, trigger integer overflow and execute arbitrary code on the system with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Input validation error
EUVDB-ID: #VU29539
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-13776
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to systemd mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Input validation error
EUVDB-ID: #VU53289
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-3541
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Reachable Assertion
EUVDB-ID: #VU52734
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-25214
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion when pressing IXFR queries. An IXFR stream containing SOA records with an owner name other than the transferred zone's apex may cause the receiving named
server to inadvertently remove the SOA record for the zone in question
from the zone database. This leads to an assertion failure when the next
SOA refresh query for that zone is made. When a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed.
Install update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Out-of-bounds read
EUVDB-ID: #VU54624
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-22918
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in uv__idna_toascii() function in libuv, which is used to convert strings to ASCII. A remote attacker can force the application to resolve a specially crafted hostname, trigger an out-of-bounds read error and gain access to sensitive information or perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Improper Initialization
EUVDB-ID: #VU52673
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1820
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to improper memory initialization in WebKit. A remote attacker can create a specially crafted web page, trick the victim into visiting it and disclose contents of process memory.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Input validation error
EUVDB-ID: #VU50814
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-23336
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform web cache spoofing attack.
The vulnerability exists due to insufficient validation of user-supplied input in django.utils.http.limited_parse_qsl() when parsing strings with a semicolon (";"). A remote attacker can pass specially crafted data to the application and perform a spoofing attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Information disclosure
EUVDB-ID: #VU48893
Risk: Medium
CVSSv3.1: 4.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-8284
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the way cURL handles PASV responses. A remote attacker with control over malicious FTP server can use the PASV response to trick curl into connecting
back to a given IP address and port, and this way potentially make curl
extract information about services that are otherwise private and not
disclosed, for example doing port scanning and service banner extractions.
Install update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) CRLF injection
EUVDB-ID: #VU48592
Risk: Medium
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-26116
CWE-ID:
CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to inject arbitrary data in server response.
The vulnerability exists due to insufficient validation of attacker-supplied data in "http.client". A remote attacker can pass specially crafted data to the application containing CR-LF characters and modify application behavior.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Out-of-bounds write
EUVDB-ID: #VU46804
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-9983
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in WebKit component in Apple Safari. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Type Confusion
EUVDB-ID: #VU46801
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-9948
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error in WebKit component in Apple Safari. A remote attacker can trick the victim to visit a specially crafted web page, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Uncontrolled Memory Allocation
EUVDB-ID: #VU55034
Risk: Low
CVSSv3.1: 5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2021-33910
CWE-ID:
CWE-789 - Uncontrolled Memory Allocation
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to stack exhaustion within the basic/unit-name.c in systemd. A local user can crash the systemd (PID 1) and cause a kernel panic.
Install update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
45) Incorrect Conversion between Numeric Types
EUVDB-ID: #VU51455
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-27218
CWE-ID:
CWE-681 - Incorrect Conversion between Numeric Types
Exploit availability: No
DescriptionThe vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to incorrect conversion between numeric types in Gnome Glib. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Improper Verification of Cryptographic Signature
EUVDB-ID: #VU54479
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-3421
CWE-ID:
CWE-347 - Improper Verification of Cryptographic Signature
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to insufficient signature validation in the read functionality n the RPM package. A remote attacker can trick the victim into installing a seemingly verifiable package and cause RPM database corruption.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Universal cross-site scripting
EUVDB-ID: #VU52672
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1826
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data within WebKit. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Cross-site scripting
EUVDB-ID: #VU48793
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-27783
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data within lxml Python clean module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) CRLF injection
EUVDB-ID: #VU47403
Risk: Medium
CVSSv3.1: 4.4 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-26137
CWE-ID:
CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to inject arbitrary data in server response.
The vulnerability exists due to insufficient validation of attacker-supplied data passed via the "method" parameter. A remote authenticated attacker can pass specially crafted data to the application containing CR-LF characters and modify application behavior.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) Out-of-bounds write
EUVDB-ID: #VU50362
Risk: Medium
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-29573
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary within the sysdeps/i386/ldbl2mpn.c in the GNU C Library on x86 systems. A remote attacker can pass specially crafted data to the application that uses the vulnerable version of glibc and crash it.
Install update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Memory leak
EUVDB-ID: #VU29105
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-12049
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform DoS attack on the target system.
The vulnerability exists due memory leak in libdbus when a message exceeds the per-message file descriptor limit. A local user with access to the D-Bus system bus or another system service's private AF_UNIX socket can make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) Buffer overflow
EUVDB-ID: #VU48945
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-29362
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a unspecified boundary error, related to processing of RPC requests. A remote attacker can perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) Reachable Assertion
EUVDB-ID: #VU50075
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-3326
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion within the iconv function in the GNU C Library (aka glibc or libc6) when processing invalid input sequences in the ISO-2022-JP-3 encoding. A remote attacker can pass specially crafted data to the application, trigger an assertion failure and crash the affected application.
Install update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) Incorrect Regular Expression
EUVDB-ID: #VU52194
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-27290
CWE-ID:
CWE-185 - Incorrect Regular Expression
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect processing of SRIs. A remote attacker can pass specially crafted input to the application and perform regular expression denial of service (ReDoS) attack.
Install update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) Integer overflow
EUVDB-ID: #VU51456
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-27219
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to integer overflow within the g_bytes_new() function on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. A local user can run a specially crafted program to trigger an integer overflow and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
56) Reachable Assertion
EUVDB-ID: #VU52736
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-25215
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion when processing DNAME records. A remote attacker can force named to add the same RRset to the ANSWER section more than once, trigger an assertion failure and crash the service. Both authoritative and recursive servers are affected by this issue during zone transfers.
Install update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
57) Improper input validation
EUVDB-ID: #VU55057
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-2388
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
58) Incorrect Regular Expression
EUVDB-ID: #VU61255
Risk: Medium
CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]
CVE-ID: CVE-2021-23362
CWE-ID:
CWE-185 - Incorrect Regular Expression
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation when processing regular expression "shortcutMatch" in the "fromUrl" function. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.
Install update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
59) Buffer overflow
EUVDB-ID: #VU50780
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-8625
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the SPNEGO implementation in the GSS-TSIG extension. A remote attacker can send a specially crafted DNS request to the server, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
60) Improper Check for Certificate Revocation
EUVDB-ID: #VU48895
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-8286
CWE-ID:
CWE-299 - Improper Check for Certificate Revocation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to incorrectly implemented checks for OCSP stapling. A remote attacker can provide a fraudulent OCSP response that would appear fine, instead of the real one.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
61) Uncontrolled Recursion
EUVDB-ID: #VU48894
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-8285
CWE-ID:
CWE-674 - Uncontrolled Recursion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due tu uncontrolled recursion when processing FTP responses within the wildcard matching functionality, which allows a callback (set
with <a href="https://curl.se/libcurl/c/CURLOPT_CHUNK_BGN_FUNCTION.html">CURLOPT_CHUNK_BGN_FUNCTION</a>) to return information back to libcurl on
how to handle a specific entry in a directory when libcurl iterates over a
list of all available entries. A remote attacker who controls the malicious FTP server can trick the victim to connect to it and crash the application, which is using the affected libcurl version.
Install update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
62) Buffer overflow
EUVDB-ID: #VU48946
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-29363
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a unspecified boundary error, related to processing of RPC requests. A remote attacker can perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
63) Buffer overflow
EUVDB-ID: #VU48944
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-29361
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a unspecified boundary error, related to processing of RPC requests. A remote attacker can perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
64) NULL pointer dereference
EUVDB-ID: #VU54223
Risk: Medium
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-3537
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
65) Uncontrolled Recursion
EUVDB-ID: #VU48444
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-28196
CWE-ID:
CWE-674 - Uncontrolled Recursion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to uncontrolled recursion in MIT Kerberos 5 (aka krb5) implementation when processing ASN.1-encoded Kerberos messages in lib/krb5/asn.1/asn1_encode.c. A remote attacker can pass specially crafted data to the application that uses Kerberos and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
66) NULL pointer dereference
EUVDB-ID: #VU48143
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-25692
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in slapd normalization handling with modrdn. A remote non-authenticated attacker can send specially crafted packet to the slapd daemon and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
67) Allocation of Resources Without Limits or Throttling
EUVDB-ID: #VU47910
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-25648
CWE-ID:
CWE-770 - Allocation of Resources Without Limits or Throttling
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
68) Integer overflow
EUVDB-ID: #VU28227
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-13434
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow within the sqlite3_str_vappendf() function in printf.c. A remote attacker can pass specially crafted data to the application, trigger integer overflow and crash the application.
Install update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
69) Out-of-bounds read
EUVDB-ID: #VU50329
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-25013
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in GNU C Library within the iconv feature when processing multi-byte input sequences in the EUC-KR encoding. A remote attacker can pass specially crafted input to the application, trigger out-of-bounds read error and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
70) Security features bypass
EUVDB-ID: #VU51732
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-3450
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to an error in implementation of the X509_V_FLAG_X509_STRICT flag allows an attacker to overwrite a valid CA certificate using any non-CA certificate in the chain. As a result, a remote attacker can perform MitM attack.
Install update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
71) Out-of-bounds read
EUVDB-ID: #VU17859
Risk: Medium
CVSSv3.1: 6.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-9169
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack or gain access to sensitive information.
The vulnerability exists due to heap-based buffer over-read via an attempted case-insensitive regular-expression match. A remote attacker can perform a denial of service attack or gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
72) Buffer overflow
EUVDB-ID: #VU56018
Risk: Low
CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2021-22543
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in Linux kernel when handling VM_IO|VM_PFNMAP vmas in KVM. A local user can can bypass RO checks and cause the pages to get freed while still accessible by the VMM and guest. As a result, an attacker with the ability to start and control a VM to read/write random pages of memory, can trigger memory corruption and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
73) Link following
EUVDB-ID: #VU66611
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-24332
CWE-ID:
CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service attack.
The vulnerability exists due to creation of the system.data file is prone to symlink attacks if the tcsd daemon is started with root privileges. A local user can create or corrupt existing files, which could possibly lead to a DoS attack
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
74) NULL pointer dereference
EUVDB-ID: #VU51733
Risk: Medium
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2021-3449
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error when processing TLSv1.2 renegotiations. A remote attacker can send a maliciously crafted renegotiation ClientHello message, which omits the signature_algorithms extension but includes a signature_algorithms_cert extension, trigger a NULL pointer dereference error and crash the server. MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
75) Off-by-one
EUVDB-ID: #VU15954
Risk: Low
CVSSv3.1: 3.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-14502
CWE-ID:
CWE-193 - Off-by-one Error
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to off-by-one error for UTF-16 names in RAR archives. A remote attacker can trigger an out-of-bounds read in archive_read_format_rar_read_header and cause the service to crash.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
76) NULL pointer dereference
EUVDB-ID: #VU48896
Risk: Medium
CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2020-1971
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via the API functions TS_RESP_verify_response and TS_RESP_verify_token). If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack.
Install update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
77) Use-after-free
EUVDB-ID: #VU48617
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-13584
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing HTML content. A remote attacker can trick the victim to visit a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
78) Double Free
EUVDB-ID: #VU46027
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-14363
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when handling locales in LibX11. A local user can run a specially crafted program to trigger integer overflow and double free and execute arbitrary code on the system with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
79) Incorrect default permissions
EUVDB-ID: #VU54338
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-2708
CWE-ID:
CWE-276 - Incorrect Default Permissions
Exploit availability: No
DescriptionThe vulnerability allows a local user to crash the service.
The vulnerability exists due to incorrect default permissions for files and folders that are set by the application. A local user with access to the system can cause a denial of service attack.
Install update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
80) Incorrect default permissions
EUVDB-ID: #VU18944
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-13012
CWE-ID:
CWE-276 - Incorrect Default Permissions
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to incorrect default permissions for files and folders that are set by the application. A local user with access to the system can view contents of files and directories or modify them.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
81) Improper input validation
EUVDB-ID: #VU55060
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-2341
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Networking component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
82) Improper input validation
EUVDB-ID: #VU55059
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-2432
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the JNDI component in Java SE. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
83) Command Injection
EUVDB-ID: #VU53202
Risk: Medium
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-23337
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary commands on the system.
The vulnerability exists due to improper input validation when processing templates. A remote privileged user can inject and execute arbitrary commands on the system.
Install update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
84) Use-after-free
EUVDB-ID: #VU52652
Risk: Critical
CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2021-30661
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing web content within the WebKit Storage component. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Install update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
85) Buffer overflow
EUVDB-ID: #VU52674
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1817
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing web content in WebKit. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
86) Use-after-free
EUVDB-ID: #VU46802
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-9951
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the aboutBlankURL() function in WebKit component in Apple Safari. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
87) Out-of-bounds read
EUVDB-ID: #VU48758
Risk: Low
CVSSv3.1: 3.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-14360
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing XkbSetMap requests. A local user can trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
88) Use-after-free
EUVDB-ID: #VU48720
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-13543
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing HTML content. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
89) Improper Privilege Management
EUVDB-ID: #VU66471
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-24330
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges.
The vulnerability exists due to the tcsd daemon is started with root privileges instead of tss user and fails to drop them after successful start. A local user can abuse such behavior and escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
90) Improper Check for Dropped Privileges
EUVDB-ID: #VU24690
Risk: Low
CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2019-18276
CWE-ID:
CWE-273 - Improper Check for Dropped Privileges
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists in "disable_priv_mode()" function in shell.c due to the affected software attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded. A local user with command execution in the shell can use "enable -f" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
91) Integer overflow
EUVDB-ID: #VU53439
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-3520
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in the fast LZ compression algorithm library. A remote attacker can pass specially crafted archive, trick the victim into opening it, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
92) Use-after-free
EUVDB-ID: #VU54225
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-3518
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in libxml2. A remote attacker can use a specially crafted file and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
93) Out-of-bounds write
EUVDB-ID: #VU54224
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-3517
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in the xml entity encoding functionality. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
94) Use of a broken or risky cryptographic algorithm
EUVDB-ID: #VU52195
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-20305
CWE-ID:
CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
95) Race condition
EUVDB-ID: #VU54292
Risk: Medium
CVSSv3.1: 7.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2021-3609
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition in the CAN BCM networking protocol (net/can/bcm.c) in the Linux kernel ranging from version 2.6.25 to mainline 5.13-rc6. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
96) Use-after-free
EUVDB-ID: #VU54222
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-3516
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in xmllint. A remote attacker can use a specially crafted file to execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
97) Out-of-bounds write
EUVDB-ID: #VU56017
Risk: Low
CVSSv3.1: 7.5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2021-22555
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: Yes
Description The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing untrusted input in net/netfilter/x_tables.c in Linux kernel. A local user can run a specially crafted program to trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
98) Out-of-bounds read
EUVDB-ID: #VU46737
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-24977
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the xmlEncodeEntitiesInternal() function in libxml2/entities.c in libxml2. A remote attacker can pas specially crafted XML data to the affected application, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
99) Improper Privilege Management
EUVDB-ID: #VU66612
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-24331
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper privilege management if the tcsd daemon is started with root privileges. A local user can get read and write access to the /etc/tcsd.conf file and escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.7.0.0 - 1.7.2.0
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-uses-packages-that-are-vulnerable-to-several-cves/
http://www.ibm.com/support/pages/node/6493729
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
