Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 10 |
CVE-ID | CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32222 CVE-2022-32215 CVE-2022-0778 CVE-2021-44533 CVE-2022-21824 CVE-2021-44531 CVE-2021-44532 |
CWE-ID | CWE-703 CWE-444 CWE-254 CWE-835 CWE-295 CWE-94 CWE-297 |
Exploitation vector | Network |
Public exploit | Public exploit code for vulnerability #6 is available. |
Vulnerable software | IBM Cloud Pak for Multicloud Management Monitoring (Server applications / Other server solutions) |
Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 10 vulnerabilities.
EUVDB-ID: #VU65273
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-32212
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists because IsIPAddress does not properly check whether an IP address is invalid. A remote unauthenticated attacker can exploit this vulnerability to bypass the IsAllowedHost check and execute arbitrary code on the system.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
IBM Cloud Pak for Multicloud Management Monitoring: before 2.3 Fix Pack 7
Fixed software versions
CPE2.3
External links
http://www.ibm.com/support/pages/node/7030612
EUVDB-ID: #VU65275
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-32213
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.
The vulnerability exists due to improper validation of HTTP requests. A remote attacker can send a specially crafted request that results in HTTP request smuggling, which can be used to poison the web cache, bypass web application firewall protection, and conduct XSS attacks.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
IBM Cloud Pak for Multicloud Management Monitoring: before 2.3 Fix Pack 7
Fixed software versions
CPE2.3
External links
http://www.ibm.com/support/pages/node/7030612
EUVDB-ID: #VU65278
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-32214
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.
The vulnerability exists because the llhttp parser in the http module does not strictly use the CRLF sequence to delimit HTTP requests. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.
Successful exploitation of the vulnerability may allow an attacker to poison the HTTP cache and perform phishing attacks.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
IBM Cloud Pak for Multicloud Management Monitoring: before 2.3 Fix Pack 7
Fixed software versions
CPE2.3
External links
http://www.ibm.com/support/pages/node/7030612
EUVDB-ID: #VU65280
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-32222
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists because Node.js, after starting on Linux-based systems, attempts to read /home/iojs/build/ws/out/Release/obj.target/deps/openssl/openssl.cnf, which ordinarily doesn't exist. A remote unauthenticated attacker can attempt to read openssl.cnf from /home/iojs/build/ upon startup to create this file and affect the default OpenSSL configuration for other users.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
IBM Cloud Pak for Multicloud Management Monitoring: before 2.3 Fix Pack 7
Fixed software versions
CPE2.3
External links
http://www.ibm.com/support/pages/node/7030612
EUVDB-ID: #VU65282
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-32215
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.
The vulnerability exists because the llhttp parser in the http module does not correctly handle multi-line Transfer-Encoding headers. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.
Successful exploitation of the vulnerability may allow an attacker to poison the HTTP cache and perform phishing attacks.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
IBM Cloud Pak for Multicloud Management Monitoring: before 2.3 Fix Pack 7
Fixed software versions
CPE2.3
External links
http://www.ibm.com/support/pages/node/7030612
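A defensive check for the two llhttp parsing weaknesses described above (CVE-2022-32214 and CVE-2022-32215), added here as an example and not taken from Node.js, llhttp or IBM: it audits a raw request head, as a proxy or logging tap might capture it, for line endings other than CRLF and for a Transfer-Encoding header continued onto a second line. The function name, finding labels and sample requests are constructed for illustration.

```javascript
'use strict';

// Audit a raw HTTP/1.1 request (string, decoded as latin1) and return a list
// of findings. Only the head (request line + headers) is inspected.
function auditRequestHead(raw) {
  const findings = [];
  // The head ends at the first empty line, whichever terminator was used.
  const end = raw.search(/\r?\n\r?\n/);
  const head = end === -1 ? raw : raw.slice(0, end);

  // A strict parser delimits lines with CRLF only: flag a CR without LF
  // or an LF without a preceding CR anywhere in the head.
  if (/\r(?!\n)|(?<!\r)\n/.test(head)) findings.push('non-crlf-line-ending');

  // Walk the header lines, tolerating any terminator so that folding is
  // still detected in a head that also has bad line endings.
  let prevName = null;
  for (const line of head.split(/\r\n|\n|\r/).slice(1)) {
    if (line === '') continue;
    if (/^[ \t]/.test(line)) {
      // Continuation line (obs-fold): it extends the previous header's value.
      findings.push(prevName === 'transfer-encoding'
        ? 'folded-transfer-encoding'
        : 'folded-header');
      continue;
    }
    const colon = line.indexOf(':');
    prevName = colon > 0 ? line.slice(0, colon).trim().toLowerCase() : null;
  }
  return findings;
}

// Constructed sample requests (not captured traffic).
const SAMPLES = {
  clean: 'POST /upload HTTP/1.1\r\nHost: app.example\r\n' +
         'Transfer-Encoding: chunked\r\n\r\n0\r\n\r\n',
  bareLf: 'GET / HTTP/1.1\r\nHost: app.example\nX-Trace: 1\r\n\r\n',
  foldedTe: 'POST /upload HTTP/1.1\r\nHost: app.example\r\n' +
            'Transfer-Encoding: gzip,\r\n chunked\r\n\r\n',
};

for (const [name, raw] of Object.entries(SAMPLES)) {
  console.log(name, auditRequestHead(raw));
}
```

Any finding on traffic that reaches a Node.js backend through a proxy means the two hops may disagree about where headers end, which is the condition the fix pack removes.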
EUVDB-ID: #VU61391
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-0778
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an infinite loop within the BN_mod_sqrt() function when processing an ASN.1 certificate that contains elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. A remote attacker can supply a specially crafted certificate to the TLS server or client, consume all available system resources and cause denial of service conditions.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
IBM Cloud Pak for Multicloud Management Monitoring: before 2.3 Fix Pack 7
Fixed software versions
CPE2.3
External links
http://www.ibm.com/support/pages/node/7030612
EUVDB-ID: #VU59550
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-44533
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to improper validation of certificate subject and issuer fields. A remote attacker can create a certificate with specially crafted multi-value Relative Distinguished Names and perform a spoofing attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
IBM Cloud Pak for Multicloud Management Monitoring: before 2.3 Fix Pack 7
Fixed software versions
CPE2.3
External links
http://www.ibm.com/support/pages/node/7030612
EUVDB-ID: #VU59551
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21824
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to the formatting logic of the console.table() function. A remote attacker can send a specially crafted request and assign an empty string to numerical keys of the object prototype.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
IBM Cloud Pak for Multicloud Management Monitoring: before 2.3 Fix Pack 7
Fixed software versions
CPE2.3
External links
http://www.ibm.com/support/pages/node/7030612
EUVDB-ID: #VU59548
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-44531
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to insufficient validation of URI Subject Alternative Names. Node.js accepts arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type. A remote attacker can bypass name-constrained intermediates and perform a spoofing attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
IBM Cloud Pak for Multicloud Management Monitoring: before 2.3 Fix Pack 7
Fixed software versions
CPE2.3
External links
http://www.ibm.com/support/pages/node/7030612
EUVDB-ID: #VU59549
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-44532
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to improper validation of certificates when converting SANs (Subject Alternative Names) to a string format. A remote attacker can inject special characters into the string and perform a spoofing attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
IBM Cloud Pak for Multicloud Management Monitoring: before 2.3 Fix Pack 7
Fixed software versions
CPE2.3
External links
http://www.ibm.com/support/pages/node/7030612