SB2023013136 - Multiple vulnerabilities in IBM Cloud Pak for Security (CP4S)

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023013136

SB2023013136 - Multiple vulnerabilities in IBM Cloud Pak for Security (CP4S)

Published: January 31, 2023

Security Bulletin ID SB2023013136
Severity
High
Patch available
YES
Number of vulnerabilities 7
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 71% Low 29%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 7 secuirty vulnerabilities.


1) Code Injection (CVE-ID: CVE-2021-3918)

The disclosed vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient sanitization of user-supplied data during the validation of a JSON object. A remote attacker can pass a specially crafted JSON file for validation and execute arbitrary code.


2) Input validation error (CVE-ID: CVE-2020-1747)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insufficient validation of user-supplied input when processing untrusted YAML files passed via the "full_load" method or with the "FullLoader" loader. A remote attacker can pass specially crafted input to the application and execute arbitrary code by abusing the python/object/new constructor.


3) Overly permissive cross-domain whitelist (CVE-ID: CVE-2022-1996)

The vulnerability allows a remote attacker to bypass the CORS protection mechanism.

The vulnerability exists due to incorrect processing of the "Origin" HTTP header that is supplied within HTTP request. A remote attacker can supply arbitrary value via the "Origin" HTTP header, bypass implemented CORS protection mechanism and perform cross-site scripting attacks against the vulnerable application.


4) Improper Neutralization of Argument Delimiters in a Command (CVE-ID: CVE-2022-21235)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to argument strings being passed to hg in a way that additional flags can be set when hg is executed. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.


5) Command Injection (CVE-ID: CVE-2021-42740)

The vulnerability allows a remote attacker to execute arbitrary commands on the system.

The vulnerability exists due to improper input validation in the regex designed to support Windows drive letters before passing it into the exec() call. A remote attacker can pass specially crafted payload to the application and execute arbitrary code on the system.


6) Improper access control (CVE-ID: CVE-2020-26892)

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to improper access restrictions in JWT library in NATS nats-server when handling expired credentials. A remote attacker can send a specially crafted request, gain unauthorized access and execute arbitrary code on the system.


7) Resource exhaustion (CVE-ID: CVE-2021-29469)

The vulnerability allows a remote attacker to perform a regular expression denial of service (ReDoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources, when a client is in monitoring mode. A remote attacker can trigger resource exhaustion and perform a regular expression denial of service (ReDoS) attack.


Remediation

Install update from vendor's website.

References