Multiple vulnerabilities in IBM Cloud Pak for Security (CP4S)
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 7 |
| CVE-ID | CVE-2021-3918 CVE-2020-1747 CVE-2022-1996 CVE-2022-21235 CVE-2021-42740 CVE-2020-26892 CVE-2021-29469 |
| CWE-ID | CWE-94 CWE-20 CWE-942 CWE-88 CWE-77 CWE-284 CWE-400 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Cloud Pak for Security (CP4S) Client/Desktop applications / Other client software |
| Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
1) Code Injection
EUVDB-ID: #VU64034
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-3918
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient sanitization of user-supplied data during the validation of a JSON object. A remote attacker can pass a specially crafted JSON file for validation and execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.10.1.0 - 1.10.6.0
External linkshttp://www.ibm.com/support/pages/node/6854977
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU25823
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-1747
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insufficient validation of user-supplied input when processing untrusted YAML files passed via the "full_load" method or with the "FullLoader" loader. A remote attacker can pass specially crafted input to the application and execute arbitrary code by abusing the python/object/new constructor.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.10.1.0 - 1.10.6.0
External linkshttp://www.ibm.com/support/pages/node/6854977
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Overly permissive cross-domain whitelist
EUVDB-ID: #VU66447
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-1996
CWE-ID:
CWE-942 - Overly Permissive Cross-domain Whitelist
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass the CORS protection mechanism.
The vulnerability exists due to incorrect processing of the "Origin" HTTP header that is supplied within HTTP request. A remote attacker can supply arbitrary value via the "Origin" HTTP header, bypass implemented CORS protection mechanism and perform cross-site scripting attacks against the vulnerable application.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.10.1.0 - 1.10.6.0
External linkshttp://www.ibm.com/support/pages/node/6854977
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper Neutralization of Argument Delimiters in a Command
EUVDB-ID: #VU71700
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-21235
CWE-ID:
CWE-88 - Argument Injection or Modification
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to argument strings being passed to hg in a way that additional flags can be set when hg is executed. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.10.1.0 - 1.10.6.0
External linkshttp://www.ibm.com/support/pages/node/6854977
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Command Injection
EUVDB-ID: #VU67516
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-42740
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary commands on the system.
The vulnerability exists due to improper input validation in the regex designed to support Windows drive letters before passing it into the exec() call. A remote attacker can pass specially crafted payload to the application and execute arbitrary code on the system.
Install update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.10.1.0 - 1.10.6.0
External linkshttp://www.ibm.com/support/pages/node/6854977
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Improper access control
EUVDB-ID: #VU64780
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-26892
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to improper access restrictions in JWT library in NATS nats-server when handling expired credentials. A remote attacker can send a specially crafted request, gain unauthorized access and execute arbitrary code on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.10.1.0 - 1.10.6.0
External linkshttp://www.ibm.com/support/pages/node/6854977
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Resource exhaustion
EUVDB-ID: #VU56912
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-29469
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a regular expression denial of service (ReDoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources, when a client is in monitoring mode. A remote attacker can trigger resource exhaustion and perform a regular expression denial of service (ReDoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): 1.10.1.0 - 1.10.6.0
External linkshttp://www.ibm.com/support/pages/node/6854977
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
