Multiple vulnerabilities in IBM Cloud Pak for Network Automation



| Updated: 2024-11-04
Risk High
Patch available YES
Number of vulnerabilities 31
CVE-ID CVE-2023-28756
CVE-2023-5156
CVE-2021-43809
CVE-2023-45857
CVE-2023-31047
CVE-2023-28755
CVE-2023-43642
CVE-2023-4759
CVE-2021-3998
CVE-2020-14343
CVE-2023-45648
CVE-2023-41080
CVE-2023-4586
CVE-2022-34169
CVE-2023-44271
CVE-2021-3999
CVE-2021-35942
CVE-2023-4641
CVE-2023-4527
CVE-2023-4806
CVE-2023-4813
CVE-2023-4911
CVE-2023-38697
CVE-2023-44981
CVE-2020-1752
CVE-2023-45133
CVE-2022-4285
CVE-2023-46120
CVE-2019-19126
CVE-2020-10029
CVE-2020-1751
CWE-ID CWE-185
CWE-401
CWE-88
CWE-352
CWE-434
CWE-770
CWE-59
CWE-20
CWE-444
CWE-601
CWE-295
CWE-400
CWE-193
CWE-190
CWE-200
CWE-125
CWE-416
CWE-119
CWE-639
CWE-697
CWE-476
CWE-121
CWE-787
Exploitation vector Network
Public exploit Public exploit code for vulnerability #6 is available.
Public exploit code for vulnerability #10 is available.
Public exploit code for vulnerability #12 is available.
Public exploit code for vulnerability #14 is available.
Vulnerability #22 is being exploited in the wild.
Vulnerable software
Cloud Pak for Network Automation
Other software / Other software solutions

Vendor IBM Corporation

Security Bulletin

This security bulletin contains information about 31 vulnerabilities.

1) Incorrect Regular Expression

EUVDB-ID: #VU74007

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-28756

CWE-ID: CWE-185 - Incorrect Regular Expression

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation when processing strings that have specific characters. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Network Automation: before 2.6.4

CPE2.3 External links

http://www.ibm.com/support/pages/node/7097679


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Memory leak

EUVDB-ID: #VU81448

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-5156

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak caused by an incorrect fix for #VU81447 (CVE-2023-4806). A remote attacker can force the application to leak memory and perform denial of service attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Network Automation: before 2.6.4

CPE2.3 External links

http://www.ibm.com/support/pages/node/7097679


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper Neutralization of Argument Delimiters in a Command

EUVDB-ID: #VU85298

Risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-43809

CWE-ID: CWE-88 - Argument Injection or Modification

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability occurs when working with untrusted and apparently harmless `Gemfile`'s. A local user can trick the victim into opening a specially crafted directory containing a `Gemfile` file that declares a dependency that is located in a Git repository and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Network Automation: before 2.6.4

CPE2.3 External links

http://www.ibm.com/support/pages/node/7097679


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Cross-site request forgery

EUVDB-ID: #VU82558

Risk: Low

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-45857

CWE-ID: CWE-352 - Cross-Site Request Forgery (CSRF)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform cross-site request forgery attacks.

The vulnerability exists due to insufficient validation of the HTTP request origin. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Network Automation: before 2.6.4

CPE2.3 External links

http://www.ibm.com/support/pages/node/7097679


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Arbitrary file upload

EUVDB-ID: #VU75707

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-31047

CWE-ID: CWE-434 - Unrestricted Upload of File with Dangerous Type

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to the application does not perform validation of files when using one form field for uploading multiple files. A remote attacker can upload a malicious file and execute it on the server.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Network Automation: before 2.6.4

CPE2.3 External links

http://www.ibm.com/support/pages/node/7097679


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Incorrect Regular Expression

EUVDB-ID: #VU74004

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2023-28755

CWE-ID: CWE-185 - Incorrect Regular Expression

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation when processing URLs. A remote attacker can pass specially crafted URL to the application and perform regular expression denial of service (ReDos) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Network Automation: before 2.6.4

CPE2.3 External links

http://www.ibm.com/support/pages/node/7097679


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

7) Allocation of Resources Without Limits or Throttling

EUVDB-ID: #VU82454

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-43642

CWE-ID: CWE-770 - Allocation of Resources Without Limits or Throttling

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to missing upper bound check on chunk length. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Network Automation: before 2.6.4

CPE2.3 External links

http://www.ibm.com/support/pages/node/7097679


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Link following

EUVDB-ID: #VU81948

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-4759

CWE-ID: CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Exploit availability: No

Description

The vulnerability allows a remote attacker to overwrite files on the system.

The vulnerability exists due to an insecure link following. A remote attacker can place a specially crafted symbolic link into the repository, trick the victim into cloning it and overwrite arbitrary files on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Network Automation: before 2.6.4

CPE2.3 External links

http://www.ibm.com/support/pages/node/7097679


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Memory leak

EUVDB-ID: #VU61292

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-3998

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due memory leak in glibc realpath() function. A remote attacker can force the application to leak memory and perform denial of service attack or gain access to sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Network Automation: before 2.6.4

CPE2.3 External links

http://www.ibm.com/support/pages/node/7097679


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Input validation error

EUVDB-ID: #VU54520

Risk: High

CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2020-14343

CWE-ID: CWE-20 - Improper input validation

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input when processing untrusted YAML files through the full_load method or with the FullLoader loader. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the system by abusing the python/object/new constructor.

Note, the vulnerability exists due to incomplete patch for vulnerability #VU25823.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Network Automation: before 2.6.4

CPE2.3 External links

http://www.ibm.com/support/pages/node/7097679


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

11) Inconsistent interpretation of HTTP requests

EUVDB-ID: #VU81799

Risk: Medium

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-45648

CWE-ID: CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.

The vulnerability exists due to improper validation when parsing HTTP trailer headers. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.

Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Network Automation: before 2.6.4

CPE2.3 External links

http://www.ibm.com/support/pages/node/7097679


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Open redirect

EUVDB-ID: #VU80089

Risk: Medium

CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2023-41080

CWE-ID: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to redirect victims to arbitrary URL.

The vulnerability exists due to improper sanitization of user-supplied data, if the ROOT (default) web application is configured to use FORM authentication. A remote attacker can create a link that leads to a trusted website, however, when clicked, redirects the victim to arbitrary domain.

Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Network Automation: before 2.6.4

CPE2.3 External links

http://www.ibm.com/support/pages/node/7097679


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

13) Improper Certificate Validation

EUVDB-ID: #VU84031

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-4586

CWE-ID: CWE-295 - Improper Certificate Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to the Hot Rod client does not enable hostname validation when using TLS. A remote attacker can perform MitM attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Network Automation: before 2.6.4

CPE2.3 External links

http://www.ibm.com/support/pages/node/7097679


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Improper input validation

EUVDB-ID: #VU65495

Risk: High

CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2022-34169

CWE-ID: CWE-20 - Improper input validation

Exploit availability: Yes

Description

The vulnerability allows a remote non-authenticated attacker to compromise the affected system.

The vulnerability exists due to an integer truncation issue when processing malicious XSLT stylesheets. A remote non-authenticated attacker can pass specially crafted data to the application to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Network Automation: before 2.6.4

CPE2.3 External links

http://www.ibm.com/support/pages/node/7097679


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

15) Resource exhaustion

EUVDB-ID: #VU83261

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-44271

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources in ImageFont. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Network Automation: before 2.6.4

CPE2.3 External links

http://www.ibm.com/support/pages/node/7097679


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Off-by-one

EUVDB-ID: #VU61293

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-3999

CWE-ID: CWE-193 - Off-by-one Error

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to an off-by-one error glibc getcwd() function. A remote attacker can pass specially crafted input to the application that is using the affected library version, trigger an off-by-one error and execute arbitrary code on the target system.


Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Network Automation: before 2.6.4

CPE2.3 External links

http://www.ibm.com/support/pages/node/7097679


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Integer overflow

EUVDB-ID: #VU55972

Risk: Medium

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-35942

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information or perform a DoS attack.

The vulnerability exists due to integer overflow in parse_param in posix/wordexp.c in the GNU C Library when called with an untrusted pattern. A remote attacker can pass specially crafted data to the application, trigger integer overflow and read arbitrary memory on the system of perform a denial of service (DoS) attack.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Network Automation: before 2.6.4

CPE2.3 External links

http://www.ibm.com/support/pages/node/7097679


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Information disclosure

EUVDB-ID: #VU80801

Risk: Low

CVSSv3.1: 3.6 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-4641

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to an error in gpasswd(1), which fails to clean memory properly. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. A local user with enough access can retrieve the password from the memory.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Network Automation: before 2.6.4

CPE2.3 External links

http://www.ibm.com/support/pages/node/7097679


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Out-of-bounds read

EUVDB-ID: #VU81097

Risk: Medium

CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-4527

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information or perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the getaddrinfo() function called with the AF_UNSPEC address family. A remote attacker with control over DNS server can send a DNS response via TCP larger than 2048 bytes, trigger an out-of-bounds read and crash the application or gain access to potentially sensitive information.

Successful exploitation of the vulnerability requires that system is configured with no-aaaa mode via /etc/resolv.conf.



Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Network Automation: before 2.6.4

CPE2.3 External links

http://www.ibm.com/support/pages/node/7097679


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Use-after-free

EUVDB-ID: #VU81447

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-4806

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows an attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the getaddrinfo() function. A remote attacker can perform a denial of service (DoS) attack.


Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Network Automation: before 2.6.4

CPE2.3 External links

http://www.ibm.com/support/pages/node/7097679


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Use-after-free

EUVDB-ID: #VU81453

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-4813

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the gaih_inet() function when the getaddrinfo() function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.


Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Network Automation: before 2.6.4

CPE2.3 External links

http://www.ibm.com/support/pages/node/7097679


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Buffer overflow

EUVDB-ID: #VU81437

Risk: Low

CVSSv3.1: 8.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2023-4911

CWE-ID: CWE-119 - Memory corruption

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient validation of GLIBC_TUNABLES environment variable. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Network Automation: before 2.6.4

CPE2.3 External links

http://www.ibm.com/support/pages/node/7097679


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

23) Inconsistent interpretation of HTTP requests

EUVDB-ID: #VU85296

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38697

CWE-ID: CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.

The vulnerability exists due to improper validation of HTTP requests. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.

Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Network Automation: before 2.6.4

CPE2.3 External links

http://www.ibm.com/support/pages/node/7097679


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Authorization bypass through user-controlled key

EUVDB-ID: #VU83312

Risk: Medium

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-44981

CWE-ID: CWE-639 - Authorization Bypass Through User-Controlled Key

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authorization process.

The vulnerability exists due to improper implementation of SASL Quorum Peer authentication. The instance part in SASL authentication ID, which is listed in zoo.cfg server list, is optional and if it's missing, the authorization check will be skipped. As a result an arbitrary endpoint could join the cluster and begin propagating counterfeit changes to the leader, essentially giving it complete read-write access to the data tree.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Network Automation: before 2.6.4

CPE2.3 External links

http://www.ibm.com/support/pages/node/7097679


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Use-after-free

EUVDB-ID: #VU26628

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-1752

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the glob() function in glibc in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username are affected by this issue. A local user can create a specially crafted path that, when processed by the glob() function, would potentially lead to arbitrary code execution.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Network Automation: before 2.6.4

CPE2.3 External links

http://www.ibm.com/support/pages/node/7097679


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Incorrect Comparison

EUVDB-ID: #VU83234

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-45133

CWE-ID: CWE-697 - Incorrect Comparison

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exists in '@babel/traverse' and `babel-traverse`. A local user can execute arbitrary code during compilation, when using plugins that rely on the `path.evaluate()`or `path.evaluateTruthy()` internal Babel methods.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Network Automation: before 2.6.4

CPE2.3 External links

http://www.ibm.com/support/pages/node/7097679


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) NULL pointer dereference

EUVDB-ID: #VU76453

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-4285

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error when parsing an ELF file containing corrupt symbol version information. A remote attacker can pass a specially crafted file to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Network Automation: before 2.6.4

CPE2.3 External links

http://www.ibm.com/support/pages/node/7097679


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Resource exhaustion

EUVDB-ID: #VU83414

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-46120

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to RabbitMQ Java client library allows Java and JVM-based applications to connect to and interact with RabbitMQ nodes. A remote attacker can send a very large Message causing a memory overflow and triggering an OOM Error to perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Network Automation: before 2.6.4

CPE2.3 External links

http://www.ibm.com/support/pages/node/7097679


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Information disclosure

EUVDB-ID: #VU30596

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-19126

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local authenticated user to gain access to sensitive information.

On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Network Automation: before 2.6.4

CPE2.3 External links

http://www.ibm.com/support/pages/node/7097679


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Stack-based buffer overflow

EUVDB-ID: #VU26388

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-10029

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows an attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within "sysdeps/ieee754/ldbl-96/e_rem_pio2l.c" in GNU C Library (aka glibc or libc6). An attacker can pas specially crafted input to the application and trigger a stack-based buffer overflow.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system or denial of service conditions.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Network Automation: before 2.6.4

CPE2.3 External links

http://www.ibm.com/support/pages/node/7097679


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Out-of-bounds write

EUVDB-ID: #VU27033

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-1751

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error in the "backtrace" function when handling signal trampolines on PowerPC. A remote attacker can trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Pak for Network Automation: before 2.6.4

CPE2.3 External links

http://www.ibm.com/support/pages/node/7097679


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###