SB2023061931 - Multiple vulnerabilities in IBM Spectrum Copy Data Management

Description

This security bulletin contains information about 9 secuirty vulnerabilities.

1) Path traversal (CVE-ID: CVE-2022-41722)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences within the filepath.Clean() function on Windows, which can transform an invalid path such as "a/../c:/b" into the valid path "c:". As a result, an attacker can read arbitrary files on the system.

2) Resource exhaustion (CVE-ID: CVE-2022-41725)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper control over internal resources in net/http and mime/multipart. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

3) Resource exhaustion (CVE-ID: CVE-2022-41727)

The vulnerability allows a local attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A local attacker can trick the victim into opening a specially crafted malformed TIFF image, trigger resource exhaustion and perform a denial of service (DoS) attack.

4) Type conversion (CVE-ID: CVE-2020-10735)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a type confusion in algorithms with quadratic time complexity when using non-binary bases within the int() call. A remote attacker can pass specially crafted data to the affected application and perform a denial of service (DoS) attack.

5) Out-of-bounds read (CVE-ID: CVE-2022-41862)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote attacker can send an unterminated string during the establishment of Kerberos transport encryption, trigger an out-of-bounds read error and read contents of memory on the system.

6) Cleartext transmission of sensitive information (CVE-ID: CVE-2023-23914)

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to state issues when handling multiple requests, which results in ignoring HSTS support. A remote attacker can perform MitM attack.

7) Cleartext transmission of sensitive information (CVE-ID: CVE-2023-23915)

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to state issues when handling multiple transfers in parallel, which results in ignoring HSTS support. A remote attacker can perform MitM attack.

8) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2023-23916)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect implementation of the "chained" HTTP compression algorithms, where the number of links in the decompression chain was limited for each header instead of the entire request. A remote attacker can send a specially crafted compressed HTTP request with numerous headers and perform a denial of service (DoS) attack.

9) Incorrect calculation (CVE-ID: CVE-2023-24532)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars.

Remediation

Install update from vendor's website.

References

• https://www.ibm.com/support/pages/node/6995589