SB2023121517 - Multiple vulnerabilities in IBM Cloud Pak for Network Automation

Description

This security bulletin contains information about 9 secuirty vulnerabilities.

1) UNIX symbolic link following (CVE-ID: CVE-2023-35887)

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to insecure symlink following that lead to files outside the RootedFileSystem. A remote user can identify presence of files on the system.

2) Inefficient regular expression complexity (CVE-ID: CVE-2023-26115)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation when processing untrusted input with a regular expressions. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.

3) HTTP response splitting (CVE-ID: CVE-2021-33621)

The vulnerability allows a remote attacker to perform HTTP splitting attacks.

The vulnerability exists due to software does not corrector process CRLF character sequences when handling cookies. A remote attacker can send specially crafted request containing CRLF sequence and make the application to send a split HTTP response.

Successful exploitation of the vulnerability may allow an attacker perform cache poisoning attack.

4) HTTP response splitting (CVE-ID: CVE-2023-27522)

The vulnerability allows a remote attacker to perform HTTP splitting attacks.

The vulnerability exists due to software does not correclty process CRLF character sequences in mod_proxy_uwsgi. A remote attacker can send specially crafted request containing CRLF sequence and make the application to send a split HTTP response.

Successful exploitation of the vulnerability may allow an attacker perform cache poisoning attack.

5) Input validation error (CVE-ID: CVE-2023-26364)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability occurs when attempting to parse CSS. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

6) Resource exhaustion (CVE-ID: CVE-2023-34462)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources if no idle timeout handler was configured. A remote attacker can send a client hello packet, which leads the server to buffer up to 16MB of data per connection and results in a denial of service condition.

7) Prototype pollution (CVE-ID: CVE-2023-26136)

The vulnerability allows a remote attacker to execute arbitrary JavaScript code.

The vulnerability exists due to improper input validation. A remote attacker can pass specially crafted input to the application and perform prototype pollution, which can result in information disclosure or data manipulation.

8) Untrusted search path (CVE-ID: CVE-2023-38408)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to usage of an insecure search path within the PKCS#11 feature in ssh-agent. A remote attacker can trick the victim into connecting to a malicious SSH server and execute arbitrary code on the system, if an agent is forwarded to an attacker-controlled system.

Note, this vulnerability exists due to incomplete fix for #VU2015 (CVE-2016-10009).

9) Incorrect authorization (CVE-ID: CVE-2023-3899)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect authorization caused by D-Bus interface com.redhat.RHSM1 that exposes a significant number of methods to all users. A local user can abuse the com.redhat.RHSM1.Config.SetAll() method to change the state of the registration and escalate privileges on the system.

Remediation

Install update from vendor's website.

References

• https://www.ibm.com/support/pages/node/7064944