Multiple vulnerabilities in IBM Storage Protect Server
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 11 |
| CVE-ID | CVE-2020-27216 CVE-2021-28165 CVE-2021-28169 CVE-2017-7658 CVE-2017-7657 CVE-2017-7656 CVE-2019-10241 CVE-2018-12536 CVE-2017-9735 CVE-2021-34428 CVE-2019-10247 |
| CWE-ID | CWE-362 CWE-400 CWE-20 CWE-444 CWE-200 CWE-79 CWE-208 CWE-613 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
IBM Spectrum Protect Storage Agent Server applications / Other server solutions |
| Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 11 vulnerabilities.
1) Race condition
EUVDB-ID: #VU48942
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-27216
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition. On Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Spectrum Protect Storage Agent: before 8.1.19
External linkshttp://www.ibm.com/support/pages/node/7005945
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Resource exhaustion
EUVDB-ID: #VU51876
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28165
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when processing large TLS frames. A remote attacker can send specially crafted data to the server, trigger CPU high load and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Spectrum Protect Storage Agent: before 8.1.19
External linkshttp://www.ibm.com/support/pages/node/7005945
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Input validation error
EUVDB-ID: #VU53973
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28169
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information..
The vulnerability exists due to a double decoding issue when parsing URI with certain characters. A remote attacker can send requests to the ConcatServlet and WelcomeFilter and view contents of protected resources within the WEB-INF directory.
Example:
/concat?/%2557EB-INF/web.xml
Install update from vendor's website.
Vulnerable software versionsIBM Spectrum Protect Storage Agent: before 8.1.19
External linkshttp://www.ibm.com/support/pages/node/7005945
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) HTTP request smuggling attack
EUVDB-ID: #VU13529
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-7658
CWE-ID:
CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to conduct an HTTP request smuggling attack on the target system.
The vulnerability exists due to improper handling HTTP requests that contain more than one content-length header. A remote attacker can send a specially crafted HTTP request that contains a transfer-encoding header and a content-length header, cause the software and an upstream HTTP agent to misinterpret the boundary of the request and to poison the web cache on the system, which could be used to conduct further attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Spectrum Protect Storage Agent: before 8.1.19
External linkshttp://www.ibm.com/support/pages/node/7005945
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Information disclosure
EUVDB-ID: #VU13528
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-7657
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The vulnerability exists due to improper handling of queries that do not match the dynamic URL pattern for webapps that use default error handling settings. A remote attacker can send a query that submits malicious input, trigger a java.nio.file.InvalidPathException message, which could allow the attacker to view sensitive information, such as the software installation path.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Spectrum Protect Storage Agent: before 8.1.19
External linkshttp://www.ibm.com/support/pages/node/7005945
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) HTTP request smuggling attack
EUVDB-ID: #VU13527
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-7656
CWE-ID:
CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to conduct an HTTP request smuggling attack on the target system.
The vulnerability exists due to improper handling of HTTP/0.9 requests. A remote attacker can send a specially crafted HTTP/0.9 request that submits malicious request headers, cause the software and an upstream HTTP agent to misinterpret the boundary of the request and poison the web cache on the system, which could be used to conduct further attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Spectrum Protect Storage Agent: before 8.1.19
External linkshttp://www.ibm.com/support/pages/node/7005945
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Cross-site scripting
EUVDB-ID: #VU26320
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-10241
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Spectrum Protect Storage Agent: before 8.1.19
External linkshttp://www.ibm.com/support/pages/node/7005945
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Information disclosure
EUVDB-ID: #VU13530
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-12536
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The vulnerability exists due to improper handling of queries that do not match the dynamic URL pattern for webapps that use default error handling settings. A remote attacker can send a query that submits malicious input, trigger a java.nio.file.InvalidPathException message, which could allow the attacker to view sensitive information, such as the software installation path.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Spectrum Protect Storage Agent: before 8.1.19
External linkshttp://www.ibm.com/support/pages/node/7005945
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Brute-force attack
EUVDB-ID: #VU9654
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-9735
CWE-ID:
CWE-208 - Information Exposure Through Timing Discrepancy
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a brute-force attack.
The vulnerability exists due to a timing channel in util/security/Password.java, which allows a remote attacker to perform a brute-force attack by observing elapsed times before rejection of incorrect passwords.
Install update from vendor's website.
Vulnerable software versionsIBM Spectrum Protect Storage Agent: before 8.1.19
External linkshttp://www.ibm.com/support/pages/node/7005945
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Insufficient Session Expiration
EUVDB-ID: #VU55642
Risk: Low
CVSSv3.1: 3.1 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-34428
CWE-ID:
CWE-613 - Insufficient Session Expiration
Exploit availability: No
DescriptionThe vulnerability allows an attacker to gain access to sensitive information.
The vulnerability exists due to insufficient session expiration issue. If an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Spectrum Protect Storage Agent: before 8.1.19
External linkshttp://www.ibm.com/support/pages/node/7005945
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Improper input validation
EUVDB-ID: #VU25067
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-10247
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Integrator Acquistion System (Eclipse Jetty) component in Oracle Endeca Information Discovery Integrator. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Spectrum Protect Storage Agent: before 8.1.19
External linkshttp://www.ibm.com/support/pages/node/7005945
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
