SB2022102405 - Multiple vulnerabilities in IBM Cloud Pak for Watson AIOps Infrastructure Automation
Published: October 24, 2022
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2022-32215)
The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.
The vulnerability exists due to llhttp parser in the http module does not correctly handle multi-line Transfer-Encoding headers. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.
Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.
2) Improper Check or Handling of Exceptional Conditions (CVE-ID: CVE-2022-32212)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to IsIPAddress does not properly checks if an IP address is invalid or not. A remote unauthenticated attacker can exploit this vulnerability to bypass the IsAllowedHost check and execute arbitrary code on the system.
Remediation
Install update from vendor's website.
References
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-affects-ibm-cloud-pak-for-watson-aiops-infrastructure-automation/"
- https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-affects-ibm-cloud-pak-for-watson-aiops-infrastructure-automation/</a><br>
- https://www.ibm.com/support/pages/node/6831297<br><br></p>