Multiple vulnerabilities in Platform Navigator and Automation Assets in IBM Cloud Pak for Integration



Published: 2023-09-08
Risk Medium
Patch available YES
Number of vulnerabilities 10
CVE-ID CVE-2023-30584
CVE-2023-30585
CVE-2023-30590
CVE-2023-30587
CVE-2023-30586
CVE-2023-30582
CVE-2023-30588
CVE-2023-30589
CVE-2023-30581
CVE-2023-30583
CWE-ID CWE-22
CWE-426
CWE-1068
CWE-284
CWE-264
CWE-20
CWE-444
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		Platform Navigator in IBM Cloud Pak for Integration (CP4I)
Other software / Other software solutions

Automation Assets in IBM Cloud Pak for Integration (CP4I)
Server applications / Other server solutions

Vendor IBM Corporation

Security Bulletin

This security bulletin contains information about 10 vulnerabilities.

1) Path traversal

EUVDB-ID: #VU77594

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-30584

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote user to perform directory traversal attacks.

The vulnerability exists due to input validation error within the experimental permission model when verifying file permissions. A remote user can send a specially crafted request and read arbitrary files on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Platform Navigator in IBM Cloud Pak for Integration (CP4I): before 2023.2.1-1

Automation Assets in IBM Cloud Pak for Integration (CP4I): before 2022.2.1-11

External links

http://www.ibm.com/support/pages/node/7028064


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Untrusted search path

EUVDB-ID: #VU77601

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-30585

CWE-ID: CWE-426 - Untrusted Search Path

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to the way Node.js (.msi version) installation process handles a missing %USERPROFILE% environment variable. If the variable is not set, the .msi installer will try to include a current working directory into the search path and will libraries in an unsafe manner. A local user can place a malicious file on the victim's system and execute arbitrary code with elevated privileges.

The vulnerability affects Windows installators only.


Mitigation

Install update from vendor's website.

Vulnerable software versions

Platform Navigator in IBM Cloud Pak for Integration (CP4I): before 2023.2.1-1

Automation Assets in IBM Cloud Pak for Integration (CP4I): before 2022.2.1-11

External links

http://www.ibm.com/support/pages/node/7028064


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Inconsistency between implementation and documented design

EUVDB-ID: #VU77606

Risk: Medium

CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-30590

CWE-ID: CWE-1068 - Inconsistency Between Implementation and Documented Design

Exploit availability: No

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to inconsistency between implementation and documented design within the generateKeys() API function. The documented behavior is different from the actual behavior, and this difference could lead to security issues in applications that use these APIs as the DiffieHellman may be used as the basis for application-level security.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Platform Navigator in IBM Cloud Pak for Integration (CP4I): before 2023.2.1-1

Automation Assets in IBM Cloud Pak for Integration (CP4I): before 2022.2.1-11

External links

http://www.ibm.com/support/pages/node/7028064


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper access control

EUVDB-ID: #VU77595

Risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-30587

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote user can exploit the Worker class's ability to create an "internal worker" with the kIsInternal Symbol to bypass restrictions set by the --experimental-permission flag using the built-in inspector module (node:inspector).

Mitigation

Install update from vendor's website.

Vulnerable software versions

Platform Navigator in IBM Cloud Pak for Integration (CP4I): before 2023.2.1-1

Automation Assets in IBM Cloud Pak for Integration (CP4I): before 2022.2.1-11

External links

http://www.ibm.com/support/pages/node/7028064


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU77603

Risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-30586

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to application allows loading arbitrary OpenSSL engines when the experimental permission model is enabled. A remote user can use the crypto.setEngine() API to bypass the permission model when called with a compatible OpenSSL engine and disable the permission model in the host process by manipulating the process's stack memory to locate the permission model Permission::enabled_ in the host process's heap memory.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Platform Navigator in IBM Cloud Pak for Integration (CP4I): before 2023.2.1-1

Automation Assets in IBM Cloud Pak for Integration (CP4I): before 2022.2.1-11

External links

http://www.ibm.com/support/pages/node/7028064


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU77596

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-30582

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to an error within the experimental permission model when the --allow-fs-read flag is used with a non-* argument. An inadequate permission model fails to restrict file watching through the fs.watchFile API and result in an ability of a remote user to monitor files that they do not have explicit read access to.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Platform Navigator in IBM Cloud Pak for Integration (CP4I): before 2023.2.1-1

Automation Assets in IBM Cloud Pak for Integration (CP4I): before 2022.2.1-11

External links

http://www.ibm.com/support/pages/node/7028064


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Input validation error

EUVDB-ID: #VU77604

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-30588

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied public key within the crypto.X509Certificate() API. A remote user can pass an invalid public key to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Platform Navigator in IBM Cloud Pak for Integration (CP4I): before 2023.2.1-1

Automation Assets in IBM Cloud Pak for Integration (CP4I): before 2022.2.1-11

External links

http://www.ibm.com/support/pages/node/7028064


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Inconsistent interpretation of HTTP requests

EUVDB-ID: #VU77605

Risk: Medium

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-30589

CWE-ID: CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.

The vulnerability exists due to improper validation of HTTP requests in the llhttp parser. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.

Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Platform Navigator in IBM Cloud Pak for Integration (CP4I): before 2023.2.1-1

Automation Assets in IBM Cloud Pak for Integration (CP4I): before 2022.2.1-11

External links

http://www.ibm.com/support/pages/node/7028064


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU77586

Risk: Medium

CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-30581

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to the use of proto in process.mainModule.proto.require(). This allows to bypass the policy mechanism and require modules outside of the policy.json definition.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Platform Navigator in IBM Cloud Pak for Integration (CP4I): before 2023.2.1-1

Automation Assets in IBM Cloud Pak for Integration (CP4I): before 2022.2.1-11

External links

http://www.ibm.com/support/pages/node/7028064


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU77599

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-30583

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to a missing check in the fs.openAsBlob() API. A remote user leverage fs.openAsBlob() to bypass the experimental permission model when using the file system read restriction with the --allow-fs-read flag.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Platform Navigator in IBM Cloud Pak for Integration (CP4I): before 2023.2.1-1

Automation Assets in IBM Cloud Pak for Integration (CP4I): before 2022.2.1-11

External links

http://www.ibm.com/support/pages/node/7028064


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###