SB2023091928 - Multiple vulnerabilities in IBM Cloud Pak for Business Automation

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023091928

SB2023091928 - Multiple vulnerabilities in IBM Cloud Pak for Business Automation

Published: September 19, 2023

Security Bulletin ID SB2023091928
Severity
High
Patch available
YES
Number of vulnerabilities 44
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 2% Medium 39% Low 59%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 44 secuirty vulnerabilities.


1) Buffer overflow (CVE-ID: CVE-2022-27446)

The vulnerability allows a remote user to perform a denial of service attack.

The vulnerability exists due to segmentation fault via the sql/item_cmpfunc.h component. A remote user can send specially crafted data and perform a denial of service attack.


2) SQL injection (CVE-ID: CVE-2022-27381)

The vulnerability allows a remote user to perform a denial of service attack.

The vulnerability exists due to insufficient sanitization of user-supplied data in the Field::set_default() function. A remote user can send specially crafted SQL statements to the affected application and perform a denial of service attack.


3) Buffer overflow (CVE-ID: CVE-2022-27382)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a segmentation fault via the Item_field::used_tables/update_depend_map_for_order() function. A remote user can send specially crafted data and perform a denial of service (DoS) attack.


4) Use-after-free (CVE-ID: CVE-2022-27383)

The vulnerability allows a remote user to perform a denial of service attack.

The vulnerability exists due to a use-after-free error in the my_strcasecmp_8bit component. A remote user can pass specially crafted SQL statements and cause a denial of service.


5) SQL injection (CVE-ID: CVE-2022-27384)

The vulnerability allows a remote user to perform a denial of service attack.

The vulnerability exists due to insufficient sanitization of user-supplied data in the Item_subselect::init_expr_cache_tracker() function. A remote user can send specially crafted SQL statements to the affected application and perform a denial of service attack.


6) SQL injection (CVE-ID: CVE-2022-27385)

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to insufficient sanitization of user-supplied data in the used_tables_and_const_cache::used_tables_and_const_cache_join() function. A remote attacker can send a specially crafted request to the affected application and perform a denial of service attack.


7) Buffer overflow (CVE-ID: CVE-2022-27386)

The vulnerability allows a remote user to perform a denial of service attack.

The vulnerability exists due to segmentation fault via the sql/sql_class.cc component. A remote user can send specially crafted data and perform a denial of service attack.


8) Buffer overflow (CVE-ID: CVE-2022-27387)

The vulnerability allows a remote user to perform a denial of service attack.

The vulnerability exists due to buffer overflow error in the decimal_bin_size component. A remote user can send specially crafted SQL statements to the affected application, trigger buffer overflow error and perform a denial of service attack.

9) Buffer overflow (CVE-ID: CVE-2022-27444)

The vulnerability allows a remote user to perform a denial of service attack.

The vulnerability exists due to segmentation fault via the sql/item_subselect.cc component. A remote user can send specially crafted data and perform a denial of service attack.


10) Buffer overflow (CVE-ID: CVE-2022-27445)

The vulnerability allows a remote user to perform a denial of service attack.

The vulnerability exists due to segmentation fault via the sql/sql_window.cc component. A remote user can send specially crafted data and perform a denial of service attack.


11) Use-after-free (CVE-ID: CVE-2022-27447)

The vulnerability allows a remote user to perform a denial of service attack.

The vulnerability exists due to use-after-free error via the Binary_string::free_buffer() function in the /sql/sql_string.h component. A remote user can send specially crafted data and perform a denial of service attack.


12) SQL injection (CVE-ID: CVE-2022-27379)

The vulnerability allows a remote user to perform a denial of service attack.

The vulnerability exists due to insufficient sanitization of user-supplied data in the Arg_comparator::compare_real() function. A remote user can send specially crafted SQL statements to the affected application and perform a denial of service attack.


13) Buffer overflow (CVE-ID: CVE-2022-27448)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a buffer overflow in the BTR_PCUR_ON() function in the /row/row0mysql.cc component. A remote user can send a specially crafted data and perform a denial of service (DoS) attack.


14) Buffer overflow (CVE-ID: CVE-2022-27449)

The vulnerability allows a remote user to perform a denial of service attack.

The vulnerability exists due to segmentation fault via the sql/item_func.cc:148 component. A remote user can send specially crafted data and perform a denial of service attack.


15) Buffer overflow (CVE-ID: CVE-2022-27451)

The vulnerability allows a remote user to perform a denial of service attack.

The vulnerability exists due to segmentation fault via the sql/field_conv.cc component. A remote user can send specially crafted data and perform a denial of service attack.


16) Buffer overflow (CVE-ID: CVE-2022-27452)

The vulnerability allows a remote user to perform a denial of service attack.

The vulnerability exists due to segmentation fault via the sql/item_cmpfunc.cc component. A remote user can send specially crafted data and perform a denial of service attack.


17) Use-after-free (CVE-ID: CVE-2022-27455)

The vulnerability allows a remote user to perform a denial of service attack.

The vulnerability exists due to a use-after-free error in the my_wildcmp_8bit_impl component at /strings/ctype-simple.c. A remote user can pass specially crafted data and cause a denial of service.


18) Use-after-free (CVE-ID: CVE-2022-27456)

The vulnerability allows a remote user to perform a denial of service attack.

The vulnerability exists due to a use-after-free error in the VDec::VDec() function at /sql/sql_type.cc. A remote user can pass specially crafted data and cause a denial of service.


19) Use-after-free (CVE-ID: CVE-2022-27457)

The vulnerability allows a remote user to perform a denial of service attack.

The vulnerability exists due to a use-after-free error in the my_mb_wc_latin1 component in the /strings/ctype-latin1.c. A remote user can pass specially crafted data and cause a denial of service.


20) Use-after-free (CVE-ID: CVE-2022-27458)

The vulnerability allows a remote user to perform a denial of service attack.

The vulnerability exists due to a use-after-free error in the Binary_string::free_buffer() function at /sql/sql_string.h. A remote user can pass specially crafted data and cause a denial of service.


21) Resource exhaustion (CVE-ID: CVE-2022-34917)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A remote non-authenticated attacker with ability to establish a network connection with the Apache Kafka broker can consume all available memory resources on the system and perform a denial of service (DoS) attack.


22) SQL injection (CVE-ID: CVE-2022-27380)

The vulnerability allows a remote user to perform a denial of service attack.

The vulnerability exists due to insufficient sanitization of user-supplied data in the my_decimal::operator=() function. A remote user can send specially crafted SQL statements to the affected application and perform a denial of service attack.


23) SQL injection (CVE-ID: CVE-2022-27378)

The vulnerability allows a remote user to perform a denial of service attack.

The vulnerability exists due to insufficient sanitization of user-supplied data in the Create_tmp_table::finalize() function. A remote user can send specially crafted SQL statements to the affected application and perform a denial of service attack.


24) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-29526)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to the Faccessat function can incorrectly report that a file is accessible, when called with a non-zero flags parameter. An attacker can bypass implemented security restrictions.


25) Cross-site scripting (CVE-ID: CVE-2022-41735)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. The vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.


26) Out-of-bounds write (CVE-ID: CVE-2022-40151)

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to a boundary error if the parser is running on user supplied input. A remote attacker can pass a specially crafted XML input to the application and perform a denial of service attack.


27) Improper input validation (CVE-ID: CVE-2022-40153)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Centralized Third Party Jars (XStream) component in Oracle WebLogic Server. A remote non-authenticated attacker can exploit this vulnerability to perform a denial of service (DoS) attack.


28) Out-of-bounds write (CVE-ID: CVE-2022-40152)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error when processing untrusted input within the Woodstox XML parser. A remote attacker can pass a specially crafted input to the application, trigger an out-of-bounds write and crash the application.


29) Use of a broken or risky cryptographic algorithm (CVE-ID: CVE-2022-27191)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an error in golang.org/x/crypto/ssh before 0.0.0-20220314234659-1baeb1ce4c0b, as used in Go programming language. A remote attacker can crash a server in certain circumstances involving AddHostKey.


30) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2022-35256)

The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.

The vulnerability exists due to improper validation of HTTP requests. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.

Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.


31) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2022-3172)

The disclosed vulnerability allows a remote attacker to perform SSRF attacks.

The vulnerability exists due to insufficient validation of user-supplied input in kube-apiserver. A remote attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems.

Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system.


32) Resource exhaustion (CVE-ID: CVE-2022-37734)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can trigger send a specially crafted GraphQL query and consume available CPU resources, resulting in a denial of service.


33) Input validation error (CVE-ID: CVE-2022-24303)

The vulnerability allows a remote attacker to delete arbitrary files on the system.

The vulnerability exists due to input validation error when processing spaces in path to the temporary directory on Linux or macOS. A remote attacker can pass a specially crafted file to the application and delete arbitrary files on the system.


34) Use-after-free (CVE-ID: CVE-2022-27377)

The vulnerability allows a remote user to perform a denial of service attack.

The vulnerability exists due to a use-after-free error in the Item_func_in::cleanup() function. A remote user can pass specially crafted SQL statements and cause a denial of service.


35) Exposed dangerous method or function (CVE-ID: CVE-2022-22817)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to usage of PIL.ImageMath.eval() function on arbitrary expressions. A remote attacker can pass specially crafted file to the library and execute arbitrary code on the system.


36) Use of insufficiently random values (CVE-ID: CVE-2022-35255)

The vulnerability allows a remote attacker to decrypt sensitive information.

The vulnerability exists due to usage of weak randomness in WebCrypto keygen within the SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. A remote attacker can decrypt sensitive information.


37) Incorrect Comparison (CVE-ID: CVE-2021-34141)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to incomplete string comparison in the numpy.core component in NumPy. A remote attacker can pass specific string objects to the library and perform a denial of service (DoS) attack.


38) Path traversal (CVE-ID: CVE-2022-22815)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in path_getbbox() function in path.c. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.


39) Out-of-bounds read (CVE-ID: CVE-2022-22816)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to buffer over-read during initialization of ImagePath.Path in path_getbbox() function in path.c. A remote attacker can pass a specially crafted file to the affected library and read contents of memory on the system.


40) Cross-site scripting (CVE-ID: CVE-2022-38390)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. The vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.


41) Improper input validation (CVE-ID: CVE-2022-21618)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The vulnerability exists due to improper input validation within the JGSS component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.


42) Improper input validation (CVE-ID: CVE-2022-39399)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The vulnerability exists due to improper input validation within the Networking component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.


43) Use-after-free (CVE-ID: CVE-2021-46669)

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to a use-after-free error in the convert_const_to_int() function when processing BIGINT data type. A remote attacker can trigger use-after-free error and perform a denial of service attack.


44) Use-after-free (CVE-ID: CVE-2022-27376)

The vulnerability allows a remote user to perform a denial of service attack.

The vulnerability exists due to a use-after-free error in the Item_args::walk_arg() function. A remote user can pass specially crafted SQL statements and cause a denial of service.


Remediation

Install update from vendor's website.

References