Multiple vulnerabilities in IBM Security Risk Manager on CP4S



Published: 2022-09-12
Risk Medium
Patch available YES
Number of vulnerabilities 9
CVE-ID CVE-2020-5421
CVE-2021-27807
CVE-2021-27906
CVE-2021-22118
CVE-2021-38911
CVE-2020-8908
CVE-2020-15250
CVE-2021-31811
CVE-2021-31812
CWE-ID CWE-20
CWE-835
CWE-400
CWE-264
CWE-312
CWE-276
CWE-377
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Vulnerable software
Subscribe
IBM Security Risk Manager
Other software / Other software solutions

Vendor IBM Corporation

Security Bulletin

This security bulletin contains information about 9 vulnerabilities.

1) Improper input validation

EUVDB-ID: #VU49739

Risk: Medium

CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2020-5421

CWE-ID: CWE-20 - Improper input validation

Exploit availability: Yes

Description

The vulnerability allows a remote authenticated user to read and manipulate data.

The vulnerability exists due to improper input validation within the Core (Spring Framework) component in Oracle Communications Session Report Manager. A remote authenticated user can exploit this vulnerability to read and manipulate data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Security Risk Manager: before 1.8.0.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-risk-manager-on-cp4s-is-affected-by-multiple-vulnerabilities/
http://www.ibm.com/support/pages/node/6505281


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Infinite loop

EUVDB-ID: #VU51606

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-27807

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop when processing PDF files. A remote attacker can consume all available system resources and cause denial of service conditions.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Security Risk Manager: before 1.8.0.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-risk-manager-on-cp4s-is-affected-by-multiple-vulnerabilities/
http://www.ibm.com/support/pages/node/6505281


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Resource exhaustion

EUVDB-ID: #VU51605

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-27906

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources when processing PDF files. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Security Risk Manager: before 1.8.0.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-risk-manager-on-cp4s-is-affected-by-multiple-vulnerabilities/
http://www.ibm.com/support/pages/node/6505281


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU53672

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-22118

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in the WebFlux application, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Security Risk Manager: before 1.8.0.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-risk-manager-on-cp4s-is-affected-by-multiple-vulnerabilities/
http://www.ibm.com/support/pages/node/6505281


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Cleartext storage of sensitive information

EUVDB-ID: #VU67187

Risk: Low

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-38911

CWE-ID: CWE-312 - Cleartext Storage of Sensitive Information

Exploit availability: No

Description

The vulnerability allows an authenticated privileged user to gain access to sensitive information.

The vulnerability exists due to IBM Security Risk Manager stores user credentials in plain clear text. An authenticated privileged user can trigger the vulnerability and gain access to sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Security Risk Manager: before 1.8.0.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-risk-manager-on-cp4s-is-affected-by-multiple-vulnerabilities/
http://www.ibm.com/support/pages/node/6505281


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Incorrect default permissions

EUVDB-ID: #VU50139

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-8908

CWE-ID: CWE-276 - Incorrect Default Permissions

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect default permissions for files located in the temporary directory set by the Guava com.google.common.io.Files.createTempDir(). A local user with access to the system can view contents of files and directories or modify them.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Security Risk Manager: before 1.8.0.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-risk-manager-on-cp4s-is-affected-by-multiple-vulnerabilities/
http://www.ibm.com/support/pages/node/6505281


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Insecure Temporary File

EUVDB-ID: #VU49330

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-15250

CWE-ID: CWE-377 - Insecure Temporary File

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to the application is using the test rule TemporaryFolder that stores sensitive information in temporary files in the system temporary directory, accessible by other system users. A local user can read temporary files and obtain sensitive information, related to the application.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Security Risk Manager: before 1.8.0.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-risk-manager-on-cp4s-is-affected-by-multiple-vulnerabilities/
http://www.ibm.com/support/pages/node/6505281


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Resource exhaustion

EUVDB-ID: #VU54079

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-31811

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources when processing PDF files. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Security Risk Manager: before 1.8.0.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-risk-manager-on-cp4s-is-affected-by-multiple-vulnerabilities/
http://www.ibm.com/support/pages/node/6505281


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Infinite loop

EUVDB-ID: #VU54080

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-31812

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop when processing PDF files. A remote attacker can consume all available system resources and cause denial of service conditions.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Security Risk Manager: before 1.8.0.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-risk-manager-on-cp4s-is-affected-by-multiple-vulnerabilities/
http://www.ibm.com/support/pages/node/6505281


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###