Multiple vulnerabilities in IBM Storage Defender - Data Protect



Published: 2023-11-21
Risk: High
Patch available: Yes
Number of vulnerabilities: 13
CVE-ID: CVE-2022-23555, CVE-2023-2828, CVE-2022-3564, CVE-2023-0215, CVE-2022-32174, CVE-2023-32698, CVE-2022-28948, CVE-2022-1292, CVE-2022-0778, CVE-2020-8277, CVE-2020-7667, CVE-2017-3730, CVE-2016-7054
CWE-ID: CWE-287, CWE-400, CWE-416, CWE-79, CWE-276, CWE-502, CWE-78, CWE-835, CWE-399, CWE-22, CWE-476, CWE-122
Exploitation vector: Network
Public exploit: Public exploit code is available for vulnerabilities #5, #8, #9, #10, #12 and #13.
Vulnerable software: Storage Defender – Data Protect

Vendor: IBM Corporation

Security Bulletin

This security bulletin contains information about 13 vulnerabilities.

1) Improper Authentication

EUVDB-ID: #VU83292

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-23555

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass the authentication process.

The vulnerability exists because the token embedded in invitation URLs is reused across enrollment flows, which allows the access control of one flow to be bypassed by enrolling through a different flow than the one the invitation was issued for. A remote attacker who knows the names of other invitation flows (e.g. `enrollment-invitation-test` and `enrollment-invitation-admin`), whether learned from different invite links or by brute-forcing flow names, can sign up through any of them with a single valid invitation URL (even one issued for a third flow, as long as the invite itself is valid), because the token used in the `Invitations` section of the Admin interface does NOT change when a different `enrollment flow` is selected in the interface and is NOT bound to the selected flow, so it remains valid for any flow.
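The root cause above is an invitation token that is not bound to the flow it was issued for. The following added example (not code from the advisory or from the affected product) shows the corrective design: the enrollment flow name is covered by the token's HMAC, so a token issued for `enrollment-invitation-test` fails verification when presented to `enrollment-invitation-admin`. The server key and the helper names are assumptions for illustration.

```python
import hashlib
import hmac

# Constructed example key; a real deployment loads this from a secret store.
SERVER_KEY = b"constructed-example-key-do-not-reuse"
SEP = "."  # not part of the flow names or invite ids used here


def issue_invitation(flow: str, invite_id: str, expires_at: int) -> str:
    """Issue an invitation token whose MAC covers the enrollment flow name.

    Because the flow is part of the authenticated payload, the same token
    cannot be replayed against a different flow: the MAC will not match.
    """
    if SEP in flow or SEP in invite_id:
        raise ValueError("flow and invite id must not contain the separator")
    payload = f"{flow}|{invite_id}|{expires_at}".encode()
    tag = hmac.new(SERVER_KEY, payload, hashlib.sha256).hexdigest()
    return SEP.join((flow, invite_id, str(expires_at), tag))


def verify_invitation(token: str, requested_flow: str, now: int) -> bool:
    """Accept the token only for the flow it was issued for and before expiry."""
    try:
        flow, invite_id, expires_str, tag = token.split(SEP)
        expires_at = int(expires_str)
    except ValueError:
        return False  # malformed token
    # Bind the check to the flow the client is actually trying to use.
    if flow != requested_flow or now >= expires_at:
        return False
    payload = f"{flow}|{invite_id}|{expires_at}".encode()
    expected = hmac.new(SERVER_KEY, payload, hashlib.sha256).hexdigest()
    return hmac.compare_digest(tag, expected)
```

A token whose flow field is edited by the client is rejected as well, because the MAC was computed over the original flow name.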

Mitigation

Install update from vendor's website.

Vulnerable software versions

Storage Defender – Data Protect: before 1.4.0

External links

http://www.ibm.com/support/pages/node/7040913


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Resource exhaustion

EUVDB-ID: #VU77612

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-2828

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists because the application does not properly control consumption of internal resources. A remote attacker can cause the amount of memory used by a named resolver to go well beyond the configured max-cache-size limit. The effectiveness of the attack depends on a number of factors (e.g. query load, query patterns), but since the default value of the max-cache-size statement is 90%, in the worst case the attacker can exhaust all available memory on the host running named, leading to a denial-of-service condition.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Storage Defender – Data Protect: before 1.4.0

External links

http://www.ibm.com/support/pages/node/7040913


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use-after-free

EUVDB-ID: #VU69799

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3564

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows an attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error within the l2cap_reassemble_sdu() function in net/bluetooth/l2cap_core.c. An attacker with physical access to the device can trigger a use-after-free error and execute arbitrary code on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Storage Defender – Data Protect: before 1.4.0

External links

http://www.ibm.com/support/pages/node/7040913


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Use-after-free

EUVDB-ID: #VU71995

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0215

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the BIO_new_NDEF function. A remote attacker can trigger a use-after-free error and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Storage Defender – Data Protect: before 1.4.0

External links

http://www.ibm.com/support/pages/node/7040913


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Stored cross-site scripting

EUVDB-ID: #VU68308

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2022-32174

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the select assignee component. A remote user can inject and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Storage Defender – Data Protect: before 1.4.0

External links

http://www.ibm.com/support/pages/node/7040913


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

6) Incorrect default permissions

EUVDB-ID: #VU83287

Risk: Low

CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-32698

CWE-ID: CWE-276 - Incorrect Default Permissions

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists because file permissions on the checked-in files were not maintained. A local user with access to the system can view the contents of files and directories or modify them.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Storage Defender – Data Protect: before 1.4.0

External links

http://www.ibm.com/support/pages/node/7040913


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Deserialization of Untrusted Data

EUVDB-ID: #VU64275

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-28948

CWE-ID: CWE-502 - Deserialization of Untrusted Data

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to insecure input validation when processing serialized data in the Unmarshal function. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Storage Defender – Data Protect: before 1.4.0

External links

http://www.ibm.com/support/pages/node/7040913


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) OS Command Injection

EUVDB-ID: #VU62765

Risk: Medium

CVSSv3.1: 7.3 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2022-1292

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in the c_rehash script distributed by some operating systems. A remote attacker with the ability to pass data to the c_rehash script can execute arbitrary OS commands with the privileges of the script.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Storage Defender – Data Protect: before 1.4.0

External links

http://www.ibm.com/support/pages/node/7040913


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

9) Infinite loop

EUVDB-ID: #VU61391

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2022-0778

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the BN_mod_sqrt() function when processing an ASN.1 certificate that contains elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. A remote attacker can supply a specially crafted certificate to the TLS server or client, consume all available system resources and cause denial of service conditions.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Storage Defender – Data Protect: before 1.4.0

External links

http://www.ibm.com/support/pages/node/7040913


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

10) Resource management error

EUVDB-ID: #VU48569

Risk: Medium

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2020-8277

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the application when processing a large number of DNS responses. A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a denial of service condition.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Storage Defender – Data Protect: before 1.4.0

External links

http://www.ibm.com/support/pages/node/7040913


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

11) Path traversal

EUVDB-ID: #VU83322

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-7667

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists because the CPIO extraction functionality does not sanitize the paths of the archived files for leading and non-leading "..", which leads to file extraction outside of the current directory. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.
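The defect described above is the absence of an entry-path check before extraction. The added example below (not code from the advisory or the affected project) is the check an extractor should run on every archive entry name: it rejects absolute names, rejects any ".." component whether leading or non-leading, and as defence in depth confirms the resolved target still lies under the destination directory. The destination path and entry list are constructed for the demonstration and assume POSIX-style "/" separators.

```python
import os

# Constructed destination directory for the demonstration (need not exist).
SAMPLE_DEST = "/tmp/cpio-extract-example"


def is_safe_archive_path(entry_name: str, dest_dir: str) -> bool:
    """Return True only if extracting entry_name cannot escape dest_dir."""
    # Empty names, embedded NUL bytes and absolute paths are never acceptable.
    if not entry_name or "\x00" in entry_name or entry_name.startswith("/"):
        return False
    parts = entry_name.split("/")
    # A ".." anywhere in the path is rejected: this covers a leading "../x"
    # as well as a non-leading "data/../../x", which is what a check that
    # only inspects the prefix would miss.
    if ".." in parts:
        return False
    # Defence in depth: resolve the joined path and confirm containment.
    root = os.path.realpath(dest_dir)
    target = os.path.realpath(os.path.join(root, *parts))
    return target == root or target.startswith(root + os.sep)


def partition_entries(entries, dest_dir):
    """Split archive entry names into (accepted, rejected) lists."""
    accepted, rejected = [], []
    for name in entries:
        (accepted if is_safe_archive_path(name, dest_dir) else rejected).append(name)
    return accepted, rejected


def demo():
    # Constructed entry names mixing benign paths with traversal attempts.
    entries = [
        "etc/app.conf",
        "../outside.txt",               # leading ".."
        "data/../../../etc/passwd",     # non-leading ".."
        "/abs/path",                    # absolute name
        "logs//today.log",              # doubled separator, still contained
        "safe/./file",                  # "." component, still contained
    ]
    return partition_entries(entries, SAMPLE_DEST)


if __name__ == "__main__":
    ok, bad = demo()
    print("accepted:", ok)
    print("rejected:", bad)
```

Symlinks already present in the destination are a separate escape route; an extractor should also refuse to follow links it wrote earlier in the same run.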

Mitigation

Install update from vendor's website.

Vulnerable software versions

Storage Defender – Data Protect: before 1.4.0

External links

http://www.ibm.com/support/pages/node/7040913


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) NULL pointer dereference

EUVDB-ID: #VU5440

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-3730

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to cause a denial of service (DoS).

The vulnerability exists in OpenSSL due to a NULL pointer dereference error when processing specially crafted parameters for a Diffie-Hellman Key Exchange (DHE) or Elliptic Curve Diffie-Hellman Exchange (ECDHE) received from a malicious server. A remote attacker can trick the victim into connecting to a specially crafted website and trigger a NULL pointer dereference error in the client software.

Successful exploitation of the vulnerability may allow an attacker to perform a denial of service (DoS) attack against vulnerable client software.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Storage Defender – Data Protect: before 1.4.0

External links

http://www.ibm.com/support/pages/node/7040913


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

13) Heap overflow

EUVDB-ID: #VU5892

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2016-7054

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error when processing *-CHACHA20-POLY1305 TLS ciphersuites (ChaCha20/Poly1305) in OpenSSL. A remote attacker can send large payloads to the affected service, triggering a heap overflow.

Successful exploitation of the vulnerability may result in denial of service (DoS) conditions.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Storage Defender – Data Protect: before 1.4.0

External links

http://www.ibm.com/support/pages/node/7040913


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.


