Multiple vulnerabilities in IBM MQ Operator



Published: 2022-12-01
Risk High
Patch available YES
Number of vulnerabilities 8
CVE-ID CVE-2022-23990
CVE-2020-35525
CVE-2020-35527
CVE-2016-3709
CVE-2022-40674
CVE-2022-3515
CVE-2022-37434
CVE-2022-2509
CWE-ID CWE-190
CWE-476
CWE-125
CWE-79
CWE-416
CWE-122
CWE-415
Exploitation vector Network
Public exploit Public exploit code for vulnerability #7 is available.
Vulnerable software
Subscribe
IBM supplied MQ Advanced container images
Other software / Other software solutions

IBM MQ Operator LTS
Other software / Other software solutions

IBM MQ Operator CD
Server applications / Other server solutions

Vendor IBM Corporation

Security Bulletin

This security bulletin contains information about 8 vulnerabilities.

1) Integer overflow

EUVDB-ID: #VU60114

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-23990

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in the doProlog() function. A remote attacker can pass specially crafted data to the application, trigger integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM supplied MQ Advanced container images: 9.3.0.0-r1 - 9.3.1.0-r1

IBM MQ Operator LTS: 2.0.4

IBM MQ Operator CD: 2.1.0


CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-operator-and-queue-manager-container-images-are-vulnerable-to-multiple-vulnerabilities-from-expat-sqlite-libxml2-libksba-zlib-and-gnutls/
http://www.ibm.com/support/pages/node/6842505

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) NULL pointer dereference

EUVDB-ID: #VU67411

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-35525

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the INTERSEC query processing. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM supplied MQ Advanced container images: 9.3.0.0-r1 - 9.3.1.0-r1

IBM MQ Operator LTS: 2.0.4

IBM MQ Operator CD: 2.1.0


CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-operator-and-queue-manager-container-images-are-vulnerable-to-multiple-vulnerabilities-from-expat-sqlite-libxml2-libksba-zlib-and-gnutls/
http://www.ibm.com/support/pages/node/6842505

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Out-of-bounds read

EUVDB-ID: #VU67412

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-35527

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when handling ALTER TABLE for views that have a nested FROM clause. A remote attacker can pass specially crafted input to the application, trigger an out-of-bounds read error and read contents of memory on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM supplied MQ Advanced container images: 9.3.0.0-r1 - 9.3.1.0-r1

IBM MQ Operator LTS: 2.0.4

IBM MQ Operator CD: 2.1.0


CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-operator-and-queue-manager-container-images-are-vulnerable-to-multiple-vulnerabilities-from-expat-sqlite-libxml2-libksba-zlib-and-gnutls/
http://www.ibm.com/support/pages/node/6842505

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

4) Cross-site scripting

EUVDB-ID: #VU66123

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2016-3709

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM supplied MQ Advanced container images: 9.3.0.0-r1 - 9.3.1.0-r1

IBM MQ Operator LTS: 2.0.4

IBM MQ Operator CD: 2.1.0


CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-operator-and-queue-manager-container-images-are-vulnerable-to-multiple-vulnerabilities-from-expat-sqlite-libxml2-libksba-zlib-and-gnutls/
http://www.ibm.com/support/pages/node/6842505

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

5) Use-after-free

EUVDB-ID: #VU67532

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-40674

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in the doContent() function in xmlparse.c. A remote attacker can pass specially crafted input to the application that is using the affected library, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM supplied MQ Advanced container images: 9.3.0.0-r1 - 9.3.1.0-r1

IBM MQ Operator LTS: 2.0.4

IBM MQ Operator CD: 2.1.0


CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-operator-and-queue-manager-container-images-are-vulnerable-to-multiple-vulnerabilities-from-expat-sqlite-libxml2-libksba-zlib-and-gnutls/
http://www.ibm.com/support/pages/node/6842505

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

6) Integer overflow

EUVDB-ID: #VU68376

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-3515

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow within the CRL parser in libksba. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM supplied MQ Advanced container images: 9.3.0.0-r1 - 9.3.1.0-r1

IBM MQ Operator LTS: 2.0.4

IBM MQ Operator CD: 2.1.0


CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-operator-and-queue-manager-container-images-are-vulnerable-to-multiple-vulnerabilities-from-expat-sqlite-libxml2-libksba-zlib-and-gnutls/
http://www.ibm.com/support/pages/node/6842505

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

7) Heap-based buffer overflow

EUVDB-ID: #VU66153

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-37434

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing a large gzip header within inflateGetHeader in inflate.c. A remote attacker can pass a specially crafted file to the affected application, trigger heap-based buffer overflow and execute arbitrary code on the target system.


Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM supplied MQ Advanced container images: 9.3.0.0-r1 - 9.3.1.0-r1

IBM MQ Operator LTS: 2.0.4

IBM MQ Operator CD: 2.1.0


CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-operator-and-queue-manager-container-images-are-vulnerable-to-multiple-vulnerabilities-from-expat-sqlite-libxml2-libksba-zlib-and-gnutls/
http://www.ibm.com/support/pages/node/6842505

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

8) Double Free

EUVDB-ID: #VU65915

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-2509

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within gnutls_pkcs7_verify() function when verifying the pkcs7 signatures. A remote attacker can pass specially crafted data to the application, trigger a double free error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM supplied MQ Advanced container images: 9.3.0.0-r1 - 9.3.1.0-r1

IBM MQ Operator LTS: 2.0.4

IBM MQ Operator CD: 2.1.0


CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-operator-and-queue-manager-container-images-are-vulnerable-to-multiple-vulnerabilities-from-expat-sqlite-libxml2-libksba-zlib-and-gnutls/
http://www.ibm.com/support/pages/node/6842505

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###