SB2023092038 - Multiple vulnerabilities in IBM Cloud Pak for Watson AIOps
Published: September 20, 2023 Updated: March 25, 2025
Description
This security bulletin contains information about 8 security vulnerabilities.
1) Code Injection (CVE-ID: CVE-2022-42889)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an insecure variable interpolation when processing untrusted input. A remote attacker can send a specially crafted input and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Note: the vulnerability was dubbed Text4Shell.
2) Buffer overflow (CVE-ID: CVE-2022-41900)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in FractionalMaxPool and FractionalAvgPool. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
3) Prototype pollution (CVE-ID: CVE-2022-37616)
The vulnerability allows a remote attacker to execute arbitrary JavaScript code.
The vulnerability exists in the function copy in dom.js in the xmldom package for Node.js via the p variable. A remote attacker can pass specially crafted input to the application and perform prototype pollution, which can result in information disclosure or data manipulation.
4) Input validation error (CVE-ID: CVE-2022-39353)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to insufficient validation of user-supplied input within DOM nodes when they are not well-formed. A remote attacker can pass specially crafted input to the application and gain unauthorized access to the application.
5) Heap-based buffer overflow (CVE-ID: CVE-2021-37404)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when opening a file path within the libhdfs native code. A remote attacker can pass specially crafted input to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
6) OS Command Injection (CVE-ID: CVE-2022-25168)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation within the FileUtil.unTar(File, File) API. A remote unauthenticated attacker can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
7) Improper access control (CVE-ID: CVE-2022-36067)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to improper access restrictions. A remote attacker can bypass the sandbox protections and execute arbitrary code on the host running the sandbox.
8) Out-of-bounds read (CVE-ID: CVE-2022-41880)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read the contents of memory on the system.
Remediation
Install the update from the vendor's website.