Risk | High |
Patch available | YES |
Number of vulnerabilities | 5 |
CVE-ID | CVE-2021-23018 CVE-2021-23017 CVE-2021-23021 CVE-2021-23020 CVE-2021-23019 |
CWE-ID | CWE-319 CWE-193 CWE-276 CWE-338 CWE-312 |
Exploitation vector | Network |
Public exploit | Public exploit code for vulnerability #2 is available. |
Vulnerable software Subscribe |
IBM Cloud Pak for Business Automation Server applications / Other server solutions |
Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
EUVDB-ID: #VU67564
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-23018
CWE-ID:
CWE-319 - Cleartext Transmission of Sensitive Information
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to the services within the NGINX Controller namespace are using cleartext protocols inside the cluster. A remote attacker with ability to intercept network traffic can gain access to sensitive data.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Cloud Pak for Business Automation: before 22.0.1.1
CPE2.3http://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-f5-nginx-controller-affect-ibm-cloud-pak-for-automation/
http://www.ibm.com/support/pages/node/6473495
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU53543
Risk: High
CVSSv3.1: 7.3 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2021-23017
CWE-ID:
CWE-193 - Off-by-one Error
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an off-by-one error within the ngx_resolver_copy()
function when processing DNS responses. A remote attacker can trigger an off-by-one error, write a dot character (‘.’, 0x2E) out of bounds in a heap allocated buffer and execute arbitrary code on the system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
The vulnerability can be triggered by a DNS response in reply to a DNS request from nginx when the resolver primitive is configured. A specially crafted packet allows overwriting the least significant byte of next heap chunk metadata with 0x2E.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Cloud Pak for Business Automation: before 22.0.1.1
CPE2.3http://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-f5-nginx-controller-affect-ibm-cloud-pak-for-automation/
http://www.ibm.com/support/pages/node/6473495
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU53576
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-23021
CWE-ID:
CWE-276 - Incorrect Default Permissions
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to incorrect default permissions for agent configuration file /etc/controller-agent/agent.conf. A local user with access to the system can obtain sensitive information, such as the API key.
Install update from vendor's website.
Vulnerable software versionsIBM Cloud Pak for Business Automation: before 22.0.1.1
CPE2.3http://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-f5-nginx-controller-affect-ibm-cloud-pak-for-automation/
http://www.ibm.com/support/pages/node/6473495
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU53577
Risk: Low
CVSSv3.1: 4.5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-23020
CWE-ID:
CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Exploit availability: No
DescriptionThe vulnerability allows a local user to bypass implemented security restrictions.
the vulnerability exists due to the NAAS API keys are generated using an insecure pseudo-random string and hashing algorithm. A local user can potentially generate a valid user key.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Cloud Pak for Business Automation: before 22.0.1.1
CPE2.3http://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-f5-nginx-controller-affect-ibm-cloud-pak-for-automation/
http://www.ibm.com/support/pages/node/6473495
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU53575
Risk: High
CVSSv3.1: 7.4 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-23019
CWE-ID:
CWE-312 - Cleartext Storage of Sensitive Information
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to the NGINX Controller Administrator password is exposed via the
systemd.txt file that is included in the NGINX support package. An attacker, who can obtain the support package can retrieve administrator's password and gain unauthorized access to the system.
Install update from vendor's website.
Vulnerable software versionsIBM Cloud Pak for Business Automation: before 22.0.1.1
CPE2.3http://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-f5-nginx-controller-affect-ibm-cloud-pak-for-automation/
http://www.ibm.com/support/pages/node/6473495
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.