SB2023111524 - Multiple vulnerabilities in IBM Security Guardium
Published: November 15, 2023 Updated: October 24, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 18 secuirty vulnerabilities.
1) Security features bypass (CVE-ID: CVE-2023-21102)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists die to a logic error within the __efi_rt_asm_wrapper() function in efi-rt-wrapper.S. A local application can bypass the shadow stack protection and execute arbitrary code with elevated privileges.
2) Cryptographic issues (CVE-ID: CVE-2023-20900)
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to improper verification of SAML token signature. A remote attacker can bypass SAML token signature verification and perform man-in-the-middle (MITM) network positioning between vCenter server and the virtual machine.
3) Heap-based buffer overflow (CVE-ID: CVE-2023-4863)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing WebP images within libwebp library. A remote attacker can trick the victim to visit a malicious website, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system. The vulnerability affects all modern browsers that support WebP image processing.
Note, the vulnerability is being actively exploited in the wild.
4) Memory leak (CVE-ID: CVE-2023-2602)
The vulnerability allows a remote attacker to perform DoS attack on the target system.
The vulnerability exists due memory leak in the error handling in the __wrap_pthread_create() function. A remote attacker can send a specially crafted request, exploit vulnerability to exhaust the process memory and cause a denial of service condition.
5) PHP file inclusion (CVE-ID: CVE-2023-2603)
The vulnerability allows a remote attacker to include and execute arbitrary PHP files on the server.
The vulnerability exists due to incorrect input validation when including PHP files in web/ajax/modal.php. A remote non-authenticated attacker can send a specially crafted HTTP request to the affected application, include and execute arbitrary PHP code on the system with privileges of the web server.
6) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-30630)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions when executing the command with the "--dump-bin" option. A local user can overwrite arbitrary files on the system and escalate privileges.
7) Use-after-free (CVE-ID: CVE-2023-4147)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
8) Use-after-free (CVE-ID: CVE-2023-4004)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. A local user can execute arbitrary code with elevated privileges.
9) Use-after-free (CVE-ID: CVE-2023-31248)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in nft_chain_lookup_byid() function, which failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace. A local user ca trigger a use-after-free error and execute arbitrary code with elevated privileges.
10) Use-after-free (CVE-ID: CVE-2023-3776)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the the Linux kernel's net/sched: cls_fw component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
11) Use-after-free (CVE-ID: CVE-2023-3610)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nf_tables component in Linux kernel netfilter. A local user with CAP_NET_ADMIN capability can trigger a use-after-free error and execute arbitrary code with elevated privileges.
12) Information exposure through microarchitectural state after transient execution (CVE-ID: CVE-2023-1637)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due speculative execution behavior in the Linux kernel X86 CPU Power management options functionality. A local user can gain access to sensitive information.
13) Use-after-free (CVE-ID: CVE-2023-3390)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within net/netfilter/nf_tables_api.c in the Linux kernel netfilter subsystem. A local user can trigger a use-after-fee error and escalate privileges on the system.
14) Use-after-free (CVE-ID: CVE-2023-20593)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in AMD Zen2 processors. A local user can trigger a use-after-free error and execute arbitrary code on the system.
Note, the vulnerability was dubbed Zenbleed.
15) Out-of-bounds write (CVE-ID: CVE-2023-35001)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the nft_byteorder() function. A local user can trigger an out-of-bounds write and execute arbitrary code on the target system.
16) Path traversal (CVE-ID: CVE-2023-38633)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences in the URL decoder. A remote attacker can pass specially crafted URL to the library and read arbitrary files on the system.
17) Incorrect authorization (CVE-ID: CVE-2023-3899)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to incorrect authorization caused by D-Bus interface com.redhat.RHSM1 that exposes a significant number of methods to all users. A local user can abuse the com.redhat.RHSM1.Config.SetAll() method to change the state of the registration and escalate privileges on the system.
18) Improper input validation (CVE-ID: CVE-2022-1941)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Connector/Python (Python) component in MySQL Connectors. A remote non-authenticated attacker can exploit this vulnerability to perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.