Multiple vulnerabilities in IBM Security Verify Access
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 18 |
| CVE-ID | CVE-2019-18277 CVE-2023-2455 CVE-2022-41862 CVE-2019-19330 CVE-2017-18342 CVE-2023-25725 CVE-2022-1471 CVE-2023-32697 CVE-2015-5237 CVE-2019-14241 CVE-2020-11100 CVE-2023-40225 CVE-2022-2625 CVE-2023-2454 CVE-2023-39417 CVE-2019-18276 CVE-2023-1370 CVE-2022-45688 |
| CWE-ID | CWE-444 CWE-254 CWE-125 CWE-93 CWE-20 CWE-502 CWE-94 CWE-122 CWE-835 CWE-264 CWE-89 CWE-273 CWE-674 CWE-121 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #7 is available. Public exploit code for vulnerability #16 is available. |
| Vulnerable software Subscribe |
IBM Security Verify Access Server applications / Remote management servers, RDP, SSH |
| Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 18 vulnerabilities.
1) Inconsistent interpretation of HTTP requests
EUVDB-ID: #VU22597
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-18277
CWE-ID:
CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform HTTP request smuggling attack.
The vulnerability exists due to incorrect processing of messages with a missing transfer-encoding header, when HAProxy is configured in legacy mode. The server does not reject "chunked" value that combined with the "http-reuse always" setting can lead to HTTP request smuggling attack.
Install update from vendor's website.
Vulnerable software versionsIBM Security Verify Access: before 10.0.7.0
External linkshttp://www.ibm.com/support/pages/node/7106583
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Security features bypass
EUVDB-ID: #VU76042
Risk: Low
CVSSv3.1: 2 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-2455
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to incomplete fix for #VU40402 (CVE-2016-2193) that did not anticipate a scenario involving function inlining. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications.
This affects only databases that have used CREATE POLICY to define a row security policy.
Install update from vendor's website.
Vulnerable software versionsIBM Security Verify Access: before 10.0.7.0
External linkshttp://www.ibm.com/support/pages/node/7106583
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Out-of-bounds read
EUVDB-ID: #VU72088
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-41862
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can send an unterminated string during the establishment of Kerberos transport encryption, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Security Verify Access: before 10.0.7.0
External linkshttp://www.ibm.com/support/pages/node/7106583
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) CRLF injection
EUVDB-ID: #VU23084
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-19330
CWE-ID:
CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to insufficient validation of user-supplied input when processing CRLF and NUL character in the HTTP request, while converting headers from HTTP/2 to
HTTP/1. A remote attacker can send a specially crafted HTTP/2 request to the HAProxy and inject arbitrary HTTP headers. Successful exploitation of the vulnerability may allow an attacker to bypass certain security restrictions or perform spoofing attacks.
Install update from vendor's website.
Vulnerable software versionsIBM Security Verify Access: before 10.0.7.0
External linkshttp://www.ibm.com/support/pages/node/7106583
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Input validation error
EUVDB-ID: #VU21781
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-18342
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to insufficient validation of user-supplied input in the "yaml.load()" API (yaml.safe_load is not used). A remote attacker can execute arbitrary code on the target system.
Install update from vendor's website.
Vulnerable software versionsIBM Security Verify Access: before 10.0.7.0
External linkshttp://www.ibm.com/support/pages/node/7106583
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Inconsistent interpretation of HTTP requests
EUVDB-ID: #VU72334
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-25725
CWE-ID:
CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform HTTP request smuggling attacks.
The vulnerability exists due to improper validation of HTTP/1 requests. A remote attacker can send a specially crafted HTTP request with empty fields, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1
Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Security Verify Access: before 10.0.7.0
External linkshttp://www.ibm.com/support/pages/node/7106583
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Deserialization of Untrusted Data
EUVDB-ID: #VU70385
Risk: High
CVSSv3.1: 9.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C]
CVE-ID: CVE-2022-1471
CWE-ID:
CWE-502 - Deserialization of Untrusted Data
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data within the SnakeYaml's Constructor() class. A remote attacker can pass specially crafted yaml content to the application and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Security Verify Access: before 10.0.7.0
External linkshttp://www.ibm.com/support/pages/node/7106583
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
8) Code Injection
EUVDB-ID: #VU79519
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32697
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Security Verify Access: before 10.0.7.0
External linkshttp://www.ibm.com/support/pages/node/7106583
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Heap-based buffer overflow
EUVDB-ID: #VU70097
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-5237
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Security Verify Access: before 10.0.7.0
External linkshttp://www.ibm.com/support/pages/node/7106583
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Infinite loop
EUVDB-ID: #VU22942
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-14241
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop while processing cookies in the htx_manage_client_side_cookies() function in proto_htx.c. A remote attacker can send a specially crafted request to the proxy server, consume all available system resources and cause denial of service conditions.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Security Verify Access: before 10.0.7.0
External linkshttp://www.ibm.com/support/pages/node/7106583
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Heap-based buffer overflow
EUVDB-ID: #VU26549
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-11100
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTTP/2 requests within the hpack_dht_insert() function in hpack-tbl.c (HPACK decoder). A remote attacker can send a specially crafted HTTP/2 request to the affected HAProxy, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Security Verify Access: before 10.0.7.0
External linkshttp://www.ibm.com/support/pages/node/7106583
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Inconsistent interpretation of HTTP requests
EUVDB-ID: #VU79767
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40225
CWE-ID:
CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform HTTP request smuggling attacks.
The vulnerability exists due to improper validation of HTTP requests. A remote attacker can send a specially crafted HTTP request with empty Content-Length headers to the server and smuggle arbitrary HTTP headers.
Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Security Verify Access: before 10.0.7.0
External linkshttp://www.ibm.com/support/pages/node/7106583
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU66429
Risk: Low
CVSSv3.1: 3.7 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2625
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote user to escalate privileges within the database.
The vulnerability exists due to extension scripts can replace objects that do not belong to the extension when using the CREATE OR REPLACE or CREATE IF NOT EXISTS commands. A remote user with (1) permissions to create non-temporary objects in at least one schema, (2) ability to lure
or wait for an administrator to create or update an affected extension
in that schema, and (3) ability to lure or wait for a victim to use the
object targeted in CREATE OR REPLACE or CREATE IF NOT EXISTS can run arbitrary code as the victim role.
Install update from vendor's website.
Vulnerable software versionsIBM Security Verify Access: before 10.0.7.0
External linkshttp://www.ibm.com/support/pages/node/7106583
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU76041
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-2454
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the system.
The vulnerability exists due to improperly imposed security restrictions. A remote database user with CREATE privilege can bypass protective search_path changes via "CREATE SCHEMA ... schema_element" command and execute arbitrary code on the system.
Install update from vendor's website.
Vulnerable software versionsIBM Security Verify Access: before 10.0.7.0
External linkshttp://www.ibm.com/support/pages/node/7106583
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) SQL injection
EUVDB-ID: #VU79454
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-39417
CWE-ID:
CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists due to insufficient sanitization of user-supplied data within the extension script @substitutions@, which uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct. A remote attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Security Verify Access: before 10.0.7.0
External linkshttp://www.ibm.com/support/pages/node/7106583
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Improper Check for Dropped Privileges
EUVDB-ID: #VU24690
Risk: Low
CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2019-18276
CWE-ID:
CWE-273 - Improper Check for Dropped Privileges
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists in "disable_priv_mode()" function in shell.c due to the affected software attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded. A local user with command execution in the shell can use "enable -f" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Security Verify Access: before 10.0.7.0
External linkshttp://www.ibm.com/support/pages/node/7106583
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
17) Uncontrolled Recursion
EUVDB-ID: #VU75044
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-1370
CWE-ID:
CWE-674 - Uncontrolled Recursion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to uncontrolled recursion when processing nested arrays and objects. A remote attacker can pass specially crafted JSON data to the application and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsIBM Security Verify Access: before 10.0.7.0
External linkshttp://www.ibm.com/support/pages/node/7106583
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Stack-based buffer overflow
EUVDB-ID: #VU77102
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-45688
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists in the XML.toJSONObject component. A remote unauthenticated attacker can send a specially crafted JSON or XML data, trigger stack-based buffer overflow and perform a denial of service attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Security Verify Access: before 10.0.7.0
External linkshttp://www.ibm.com/support/pages/node/7106583
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
