Multiple vulnerabilities in IBM Disconnected Log Collector



Published: 2022-09-07
Risk Medium
Patch available YES
Number of vulnerabilities 5
CVE-ID CVE-2019-13990
CVE-2020-8908
CVE-2020-9488
CVE-2020-13956
CVE-2020-25649
CWE-ID CWE-611
CWE-276
CWE-295
CWE-20
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
IBM Disconnected Log Collector
Client/Desktop applications / Software for system administration

Vendor IBM Corporation

Security Bulletin

This security bulletin contains information about 5 vulnerabilities.

1) XML External Entity injection

EUVDB-ID: #VU19595

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2019-13990

CWE-ID: CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

Exploit availability: No

Description

The vulnerability allows a remote attacker to conduct an XML External Entity (XXE) attack on a targeted system.

The vulnerability exists due to insufficient validation of user-supplied XML input in the "initDocumentParser" function in the "xml/XMLSchedulingDataProcessor.java" file. A remote authenticated attacker can submit a malicious job description to the targeted system and conduct an XXE attack.


Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Disconnected Log Collector: before 1.6


CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-ibm-disconnected-log-collector-is-vulnerable-to-using-components-with-known-vulnerabilities/
http://www.ibm.com/support/pages/node/6479907

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Incorrect default permissions

EUVDB-ID: #VU50139

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-8908

CWE-ID: CWE-276 - Incorrect Default Permissions

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect default permissions for files located in the temporary directory set by the Guava com.google.common.io.Files.createTempDir(). A local user with access to the system can view contents of files and directories or modify them.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Disconnected Log Collector: before 1.6


CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-ibm-disconnected-log-collector-is-vulnerable-to-using-components-with-known-vulnerabilities/
http://www.ibm.com/support/pages/node/6479907

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Improper Certificate Validation

EUVDB-ID: #VU27487

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-9488

CWE-ID: CWE-295 - Improper Certificate Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform man-in-the-middle attack.

The vulnerability exists due to the Apache Log4j SMTP appender does not validate SSL certificates. A remote attacker can perform a MitM attack, intercept and decrypt network traffic.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Disconnected Log Collector: before 1.6


CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-ibm-disconnected-log-collector-is-vulnerable-to-using-components-with-known-vulnerabilities/
http://www.ibm.com/support/pages/node/6479907

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

4) Input validation error

EUVDB-ID: #VU47481

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-13956

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected application.

The vulnerability exists due to insufficient validation of user-supplied input in Apache HttpClient. A remote attacker can pass request URIs to the library as java.net.URI object and force the application to pick the wrong target host for request execution.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Disconnected Log Collector: before 1.6


CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-ibm-disconnected-log-collector-is-vulnerable-to-using-components-with-known-vulnerabilities/
http://www.ibm.com/support/pages/node/6479907

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

5) XML External Entity injection

EUVDB-ID: #VU48979

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-25649

CWE-ID: CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

Exploit availability: No

Description

The vulnerability allows a remote attacker to modify information on the system.

The vulnerability exists due to insufficient validation of user-supplied XML input. A remote attacker can pass a specially crafted XML code to the affected application and modify information on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Disconnected Log Collector: before 1.6


CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-ibm-disconnected-log-collector-is-vulnerable-to-using-components-with-known-vulnerabilities/
http://www.ibm.com/support/pages/node/6479907

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###