Multiple vulnerabilities in IBM CICS TX Advanced

Published: 2023-03-20

Risk	Medium
Patch available	YES
Number of vulnerabilities	5
CVE-ID	CVE-2022-2879 CVE-2022-41715 CVE-2022-2880 CVE-2022-41717 CVE-2022-41716
CWE-ID	CWE-399 CWE-400 CWE-20 CWE-770
Exploitation vector	Network
Public exploit	Public exploit code for vulnerability #4 is available.
Vulnerable software Subscribe	IBM CICS TX Advanced Universal components / Libraries / Software for developers
Vendor	IBM Corporation

Security Bulletin

This security bulletin contains information about 5 vulnerabilities.

1) Resource management error

EUVDB-ID: #VU68387

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-2879

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to absent limits on the maximum size of file headers within the Reader.Read method in archive/tar. A remote attacker can pass a specially crafted file to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM CICS TX Advanced: before 11.1.0.0 ifix7

CPE2.3

cpe:2.3:a:ibm_corporation:ibm_cics_tx_advanced:*:*:*:*:*:*:*:

External links

http://www.ibm.com/support/pages/node/6963940

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Resource exhaustion

EUVDB-ID: #VU68390

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-41715

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources in regexp/syntax when handling regular expressions. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM CICS TX Advanced: before 11.1.0.0 ifix7

CPE2.3

cpe:2.3:a:ibm_corporation:ibm_cics_tx_advanced:*:*:*:*:*:*:*:

External links

http://www.ibm.com/support/pages/node/6963940

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Input validation error

EUVDB-ID: #VU68389

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-2880

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform parameter smuggling attacks.

The vulnerability exists due to incorrect handling of requests forwarded by ReverseProxy in net/http/httputil. A remote attacker can supply specially crafted parameters that cannot be parsed and are rejected by net/http and force the application to include these parameters into the forwarding request. As a result, a remote attacker can smuggle potentially dangerous HTTP parameters into the request.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM CICS TX Advanced: before 11.1.0.0 ifix7

CPE2.3

cpe:2.3:a:ibm_corporation:ibm_cics_tx_advanced:*:*:*:*:*:*:*:

External links

http://www.ibm.com/support/pages/node/6963940

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

4) Allocation of Resources Without Limits or Throttling

EUVDB-ID: #VU70334

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-41717

CWE-ID: CWE-770 - Allocation of Resources Without Limits or Throttling

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to excessive memory growth when handling HTTP/2 server requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM CICS TX Advanced: before 11.1.0.0 ifix7

CPE2.3

cpe:2.3:a:ibm_corporation:ibm_cics_tx_advanced:*:*:*:*:*:*:*:

External links

http://www.ibm.com/support/pages/node/6963940

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

5) Input validation error

EUVDB-ID: #VU69405

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-41716

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary OS commands on the system.

The vulnerability exists due to insecure processing of unsanitized NUL values in syscall.StartProcess and os/exec.Cmd. A local user on the Windows operating system can set a specially crafted environment variable and execute arbitrary OS commands on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM CICS TX Advanced: before 11.1.0.0 ifix7

CPE2.3

cpe:2.3:a:ibm_corporation:ibm_cics_tx_advanced:*:*:*:*:*:*:*:

External links

http://www.ibm.com/support/pages/node/6963940

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?