SB2023091817 - Multiple vulnerabilities in IBM Planning Analytics Cartridge for IBM Cloud Pak for Data

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023091817

SB2023091817 - Multiple vulnerabilities in IBM Planning Analytics Cartridge for IBM Cloud Pak for Data

Published: September 18, 2023 Updated: August 21, 2024

Security Bulletin ID SB2023091817
Severity
High
Patch available
YES
Number of vulnerabilities 11
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 9% Medium 73% Low 18%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 11 secuirty vulnerabilities.


1) Integer overflow (CVE-ID: CVE-2022-0185)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to integer overflow in the legacy_parse_param() function in fs/fs_context.c in Linux kernel. A local user can tun a specially crafted program to trigger integer overflow and execute arbitrary code with root privileges.



2) Improper Authentication (CVE-ID: CVE-2023-27877)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in when processing authentication requests. A remote attacker can bypass authentication process and gain unauthorized access to the application.


3) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2023-26023)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to software stores sensitive information into log files. A remote attacker can read the log files and gain access to sensitive data.


4) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2023-26026)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to software stores sensitive information into log files. A remote attacker can read the log files and gain access to sensitive data.


5) Deserialization of Untrusted Data (CVE-ID: CVE-2022-1471)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insecure input validation when processing serialized data within the SnakeYaml's Constructor() class. A remote attacker can pass specially crafted yaml content to the application and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


6) Cross-site scripting (CVE-ID: CVE-2023-28520)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. The vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.


7) Reliance on Reverse DNS Resolution for a Security-Critical Action (CVE-ID: CVE-2022-43548)

The vulnerability allows a remote attacker to perform DNS rebinding attacks.

The vulnerability exists due to improper validation of octal IP address within the Node.js rebinding protector for --inspec. A remote attacker can resolve the invalid octal address via DNS. When combined with an active --inspect session, such as when using VSCode, an attacker can perform DNS rebinding and execute arbitrary code in client's browser.


8) Cross-site scripting (CVE-ID: CVE-2020-7676)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data when wrapping "<option>" elements in "<select>" ones changes parsing behavior. A remote authenticated attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.


9) Code Injection (CVE-ID: CVE-2021-42550)

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation. A remote user can send a specially crafted request to the application and execute arbitrary code on the target system by tricking the application to load a malicious configuration from a remote LDAP server.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


10) Out-of-bounds read (CVE-ID: CVE-2021-38561)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition. A remote attacker can pass specially crafted input to the application, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.


11) Resource exhaustion (CVE-ID: CVE-2022-32149)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to ParseAcceptLanguage does not properly control consumption of internal resources. A remote attacker can send a specially crafted Accept-Language header that will take a significant time to parse and perform a denial of service (DoS) attack.


Remediation

Install update from vendor's website.

References