Multiple vulnerabilities in IBM Storage Protect Server
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 8 |
| CVE-ID | CVE-2023-29402 CVE-2023-29403 CVE-2023-29404 CVE-2023-29405 CVE-2023-29406 CVE-2023-29400 CVE-2023-24540 CVE-2023-24539 |
| CWE-ID | CWE-94 CWE-264 CWE-644 CWE-79 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Storage Protect Server Other software / Other software solutions |
| Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 8 vulnerabilities.
1) Code Injection
EUVDB-ID: #VU77528
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2023-29402
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation within the cgo go command when building code that contains directories with newline characters in their names. A remote attacker can pass specially crafted input to the cgo command at build time and potentially compromise the system.
Modules which are retrieved using the go command, i.e. via "go get", are not affected (modules retrieved using GOPATH-mode, i.e. GO111MODULE=off, may be affected).
MitigationInstall update from vendor's website.
Vulnerable software versionsStorage Protect Server : before 8.1.20
CPE2.3 External linkshttp://www.ibm.com/support/pages/node/7038772
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
2) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU77529
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2023-29403
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists within Go runtime due to application allows to execute setuid/setgid binaries without any restrictions. An attacker with ability to control the application flow can execute arbitrary code on the system with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsStorage Protect Server : before 8.1.20
CPE2.3 External linkshttp://www.ibm.com/support/pages/node/7038772
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
3) Code Injection
EUVDB-ID: #VU77530
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2023-29404
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
command which builds untrusted code.A remote attacker can inject and execute arbitrary code on the target system at build time when using cgo. Mitigation
Install update from vendor's website.
Vulnerable software versionsStorage Protect Server : before 8.1.20
CPE2.3 External linkshttp://www.ibm.com/support/pages/node/7038772
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
4) Code Injection
EUVDB-ID: #VU77531
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2023-29405
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
command which builds untrusted code.A remote attacker can inject and execute arbitrary code on the target system at build time when using cgo. Mitigation
Install update from vendor's website.
Vulnerable software versionsStorage Protect Server : before 8.1.20
CPE2.3 External linkshttp://www.ibm.com/support/pages/node/7038772
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
5) Improper Neutralization of HTTP Headers for Scripting Syntax
EUVDB-ID: #VU78327
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2023-29406
CWE-ID:
CWE-644 - Improper Neutralization of HTTP Headers for Scripting Syntax
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to improper input validation in HTTP/1 client when handling HTTP Host header. A remote non-authenticated attacker can send a specially crafted HTTP request with a maliciously crafted Host header and inject additional headers or entire requests.
Successful exploitation of the vulnerability may allow an attacker to perform cross-site scripting, cache poisoning or session hijacking attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsStorage Protect Server : before 8.1.20
CPE2.3 External linkshttp://www.ibm.com/support/pages/node/7038772
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
6) Cross-site scripting
EUVDB-ID: #VU75792
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2023-29400
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data when processing HTML attributes. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsStorage Protect Server : before 8.1.20
CPE2.3 External linkshttp://www.ibm.com/support/pages/node/7038772
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
7) Code Injection
EUVDB-ID: #VU75791
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2023-24540
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary JavaScript code.
The vulnerability exists due to improper input validation when processing whitespace characters. A remote attacker can send a specially crafted request and execute arbitrary JavaScript code.
MitigationInstall update from vendor's website.
Vulnerable software versionsStorage Protect Server : before 8.1.20
CPE2.3 External linkshttp://www.ibm.com/support/pages/node/7038772
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
8) Cross-site scripting
EUVDB-ID: #VU75790
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2023-24539
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data when handling angle brackets in CSS context. A remote attacker can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsStorage Protect Server : before 8.1.20
CPE2.3 External linkshttp://www.ibm.com/support/pages/node/7038772
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
