Risk | High |
Patch available | YES |
Number of vulnerabilities | 5 |
CVE-ID | CVE-2022-2047 CVE-2014-0107 CVE-2023-34034 CVE-2022-25881 CVE-2023-37460 |
CWE-ID | CWE-20 CWE-284 CWE-254 CWE-407 CWE-22 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | Operational Decision Manager (Client/Desktop applications / Office applications) |
Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
EUVDB-ID: #VU65831
Risk: Low
CVE-ID: CVE-2022-2047
CWE-ID: CWE-20
Description
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient validation of user-supplied input when parsing invalid URIs such as http://localhost;/path. A remote attacker can pass specially crafted input to the application and bypass implemented security restrictions, because Jetty's HttpClient and Jetty's ProxyServlet / AsyncProxyServlet / AsyncMiddleManServlet wrongly interpret the authority of such a URI as one with a hostname.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Operational Decision Manager: before 8.12.0 Interim fix 2
External links
http://www.ibm.com/support/pages/node/7032928
EUVDB-ID: #VU77073
Risk: Medium
CVE-ID: CVE-2014-0107
CWE-ID: CWE-284
Description
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists because TransformerFactory in Apache Xalan-Java does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled. A remote attacker can bypass implemented security restrictions and load arbitrary classes or access external resources via a crafted (1) xalan:content-header, (2) xalan:entities, (3) xslt:content-header, or (4) xslt:entities property, or via a Java property that is bound to the XSLT 1.0 system-property function.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Operational Decision Manager: before 8.12.0 Interim fix 2
External links
http://www.ibm.com/support/pages/node/7032928
EUVDB-ID: #VU80880
Risk: High
CVE-ID: CVE-2023-34034
CWE-ID: CWE-254
Description
The vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists because the use of "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux. A remote unauthenticated attacker can exploit this mismatch to bypass security restrictions.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Operational Decision Manager: before 8.12.0 Interim fix 2
External links
http://www.ibm.com/support/pages/node/7032928
EUVDB-ID: #VU72750
Risk: Medium
CVE-ID: CVE-2022-25881
CWE-ID: CWE-407
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a regular expression denial of service that occurs when the server reads the cache policy from the request using this library. A remote unauthenticated attacker can send malicious request header values to the server and perform a denial of service attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Operational Decision Manager: before 8.12.0 Interim fix 2
External links
http://www.ibm.com/support/pages/node/7032928
EUVDB-ID: #VU80879
Risk: High
CVE-ID: CVE-2023-37460
CWE-ID: CWE-22
Description
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to an input validation error when processing directory traversal sequences. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Operational Decision Manager: before 8.12.0 Interim fix 2
External links
http://www.ibm.com/support/pages/node/7032928