Multiple vulnerabilities in IBM Cloud Pak for AIOps



Published: 2024-03-27 | Updated: 2024-05-23
Risk High
Patch available YES
Number of vulnerabilities 85
CVE-ID CVE-2023-29406
CVE-2023-34410
CVE-2023-33285
CVE-2022-26945
CVE-2022-29810
CVE-2022-30323
CVE-2022-30322
CVE-2022-30321
CVE-2023-27536
CVE-2023-45142
CVE-2023-38197
CVE-2020-29652
CVE-2021-33194
CVE-2022-41721
CVE-2021-31525
CVE-2021-44716
CVE-2022-27664
CVE-2022-41717
CVE-2022-29526
CVE-2023-37369
CVE-2023-3961
CVE-2022-32149
CVE-2023-38472
CVE-2023-5072
CVE-2023-4806
CVE-2022-2582
CVE-2020-8912
CVE-2020-8911
CVE-2023-0842
CVE-2023-39323
CVE-2023-38473
CVE-2023-38471
CVE-2023-4091
CVE-2023-38470
CVE-2023-38469
CVE-2021-3468
CVE-2023-34053
CVE-2022-25896
CVE-2022-21221
CVE-2021-29482
CVE-2020-16845
CVE-2023-42669
CVE-2021-38561
CVE-2020-14040
CVE-2023-39318
CVE-2023-1192
CVE-2022-45919
CVE-2022-45884
CVE-2023-29469
CVE-2023-28484
CVE-2023-49082
CVE-2023-49081
CVE-2023-39319
CVE-2014-9471
CVE-2023-2162
CVE-2023-45287
CVE-2023-46136
CVE-2023-47627
CVE-2024-21647
CVE-2023-32573
CVE-2022-48468
CVE-2023-6481
CVE-2023-20569
CVE-2023-2163
CVE-2023-40217
CVE-2023-34241
CVE-2023-29491
CVE-2023-1981
CVE-2023-32681
CVE-2023-5869
CVE-2023-31486
CVE-2023-3138
CVE-2022-48339
CVE-2022-48337
CVE-2023-32324
CVE-2023-3812
CVE-2022-3094
CVE-2023-4911
CVE-2021-20218
CVE-2023-30630
CVE-2023-29409
CVE-2023-5633
CVE-2023-5178
CVE-2023-4622
CVE-2023-42753
CWE-ID CWE-644
CWE-295
CWE-125
CWE-78
CWE-532
CWE-20
CWE-371
CWE-400
CWE-835
CWE-476
CWE-444
CWE-674
CWE-770
CWE-264
CWE-119
CWE-285
CWE-617
CWE-416
CWE-326
CWE-327
CWE-1321
CWE-384
CWE-22
CWE-399
CWE-79
CWE-203
CWE-407
CWE-369
CWE-190
CWE-200
CWE-787
CWE-319
CWE-122
Exploitation vector Network
Public exploit Public exploit code for vulnerability #18 is available.
Vulnerability #78 is being exploited in the wild.
Public exploit code for vulnerability #83 is available.
Vulnerable software
Subscribe
IBM Cloud Pak for Watson AIOps
Other software / Other software solutions

Vendor IBM Corporation

Security Bulletin

This security bulletin contains information about 85 vulnerabilities.

1) Improper Neutralization of HTTP Headers for Scripting Syntax

EUVDB-ID: #VU78327

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-29406

CWE-ID: CWE-644 - Improper Neutralization of HTTP Headers for Scripting Syntax

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to improper input validation in HTTP/1 client when handling HTTP Host header. A remote non-authenticated attacker can send a specially crafted HTTP request with a maliciously crafted Host header and inject additional headers or entire requests.

Successful exploitation of the vulnerability may allow an attacker to perform cross-site scripting, cache poisoning or session hijacking attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper Certificate Validation

EUVDB-ID: #VU78696

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-34410

CWE-ID: CWE-295 - Improper Certificate Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to improper validation of TLS certificate chain, where application does not always consider whether the root of a chain is a configured CA certificate. A remote attacker can perform MitM attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Out-of-bounds read

EUVDB-ID: #VU76667

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-33285

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to buffer over-read via a crafted reply from a DNS server within the QDnsLookup() function in src/network/kernel/qdnslookup_unix.cpp. A remote attacker can perform a denial of service attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) OS Command Injection

EUVDB-ID: #VU63810

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-26945

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation. A remote attacker can pass specially crafted data to the application and execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Inclusion of Sensitive Information in Log Files

EUVDB-ID: #VU64700

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-29810

CWE-ID: CWE-532 - Information Exposure Through Log Files

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to go-getter library can write SSH credentials into its log file. A local user with access to log files can read credentials in clear text, which may lead to privilege escalation or account takeover.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Input validation error

EUVDB-ID: #VU63815

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-30323

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an unspecified error. A remote attacker can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Input validation error

EUVDB-ID: #VU63814

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-30322

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an unspecified error. A remote attacker can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Input validation error

EUVDB-ID: #VU63811

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-30321

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an unspecified error. A remote attacker can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) State Issues

EUVDB-ID: #VU73829

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-27536

CWE-ID: CWE-371 - State Issues

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to cURL will reuse a previously created connection even when the GSS delegation (CURLOPT_GSSAPI_DELEGATION) option had been changed that could have changed the user's permissions in a second transfer. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, this GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting krb5/kerberos/negotiate/GSSAPI transfers.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Resource exhaustion

EUVDB-ID: #VU83546

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-45142

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect processing of HTTP header User-Agent and HTTP method. A remote attacker can send multiple requests with long randomly generated HTTP methods or/and User agents and consume memory resources, leading to a denial of service condition.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Infinite loop

EUVDB-ID: #VU78697

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38197

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop when handling recursive expansions. A remote attacker can consume all available system resources and cause denial of service conditions.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) NULL pointer dereference

EUVDB-ID: #VU69449

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-29652

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error when processing an authentication request message for the “gssapi-with-mic” method. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Infinite loop

EUVDB-ID: #VU65693

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-33194

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop. A remote attacker can pass crafted ParseFragment  input to the application, consume all available system resources and cause denial of service conditions.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Inconsistent interpretation of HTTP requests

EUVDB-ID: #VU72886

Risk: Medium

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-41721

CWE-ID: CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform HTTP/2 request smuggling attacks.

The vulnerability exists due to improper validation of HTTP/2 requests when using MaxBytesHandler. A remote attacker can send a specially crafted HTTP/2 request to the server and smuggle arbitrary HTTP headers.

Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Uncontrolled Recursion

EUVDB-ID: #VU54910

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-31525

CWE-ID: CWE-674 - Uncontrolled Recursion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a DoS attack.

The vulnerability exists due to uncontrolled recursion when processing HTTP headers. A remote attacker can send a large header to ReadRequest or ReadResponse and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Input validation error

EUVDB-ID: #VU58824

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-44716

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Input validation error

EUVDB-ID: #VU67396

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-27664

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Allocation of Resources Without Limits or Throttling

EUVDB-ID: #VU70334

Risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]

CVE-ID: CVE-2022-41717

CWE-ID: CWE-770 - Allocation of Resources Without Limits or Throttling

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to excessive memory growth when handling HTTP/2 server requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

19) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU63173

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-29526

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to the Faccessat function can incorrectly report that a file is accessible, when called with a non-zero flags parameter. An attacker can bypass implemented security restrictions.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Buffer overflow

EUVDB-ID: #VU79632

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-37369

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error when processing XML content in QXmlStreamReader. A remote attacker can pass specially crafted XML input to the application, trigger memory corruption and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Improper Authorization

EUVDB-ID: #VU81875

Risk: High

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-3961

CWE-ID: CWE-285 - Improper Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper input validation when handling client pipe names. A remote attacker can provide a specially crafted pipe name containing directory traversal characters and force Samba to connect to Unix domain sockets outside of the private directory meant to restrict the services a client could connect to.The connection to Unix domain sockets is performed as root, which means that if client sends a pipe name that resolved to an external service using an existing Unix domain socket, the client is able to connect to it without any filesystem restrictions.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Resource exhaustion

EUVDB-ID: #VU68897

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-32149

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to ParseAcceptLanguage does not properly control consumption of internal resources. A remote attacker can send a specially crafted Accept-Language header that will take a significant time to parse and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Reachable Assertion

EUVDB-ID: #VU83303

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38472

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion within the avahi_rdata_parse() function. A local user can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Allocation of Resources Without Limits or Throttling

EUVDB-ID: #VU82276

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-5072

CWE-ID: CWE-770 - Allocation of Resources Without Limits or Throttling

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to allocation of resources without limits or throttling. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Use-after-free

EUVDB-ID: #VU81447

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-4806

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows an attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the getaddrinfo() function. A remote attacker can perform a denial of service (DoS) attack.


Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Inadequate Encryption Strength

EUVDB-ID: #VU87857

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-2582

CWE-ID: CWE-326 - Inadequate Encryption Strength

Exploit availability: No

Description

The vulnerability allows a remote user to gain access to potentially sensitive information.

The vulnerability exists due to AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field. A remote user can gain unauthorized access to sensitive information on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Use of a broken or risky cryptographic algorithm

EUVDB-ID: #VU80917

Risk: Low

CVSSv3.1: 2.2 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-8912

CWE-ID: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A local user can change the encryption algorithm of an object in the bucket, which can then allow them to change AES-GCM to AES-CTR.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Use of a broken or risky cryptographic algorithm

EUVDB-ID: #VU87858

Risk: Low

CVSSv3.1: 4.9 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-8911

CWE-ID: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A local user can gain unauthorized access to sensitive information on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

EUVDB-ID: #VU75603

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0842

CWE-ID: CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes (\'Prototype Pollution\')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to application does not properly validate incoming JSON keys, thus allowing the __proto__ property to be edited. A remote unauthenticated attacker can edit or add new properties to an object to execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Input validation error

EUVDB-ID: #VU81964

Risk: Medium

CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-39323

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input when processing line directives (e.g. "//line") in the code. A remote attacker can bypass restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build".

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Reachable Assertion

EUVDB-ID: #VU83304

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38473

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion within the avahi_alternative_host_name() function. A local user can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Reachable Assertion

EUVDB-ID: #VU79308

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38471

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion within the dbus_set_host_name() function. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU81872

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-4091

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote user to truncate read-only files.

The vulnerability exists due to an error in the way SMB protocol implementation in Samba handles file operations. A remote user can request read-only access to files and then truncate them to 0 bytes by opening files with OVERWRITE disposition when using the acl_xattr Samba VFS module with the smb.conf setting "acl_xattr:ignore system acls = yes".

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Reachable Assertion

EUVDB-ID: #VU79307

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38470

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion within the avahi_escape_label() function. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Reachable Assertion

EUVDB-ID: #VU79306

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38469

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion within the avahi_dns_packet_append_record() function. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Infinite loop

EUVDB-ID: #VU79113

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-3468

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work() function. A local user can consume all available system resources and cause denial of service conditions.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Input validation error

EUVDB-ID: #VU83582

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-34053

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in Web Observations. A remote attacker can send specially crafted HTTP requests to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Session Fixation

EUVDB-ID: #VU66181

Risk: Medium

CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-25896

CWE-ID: CWE-384 - Session Fixation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the session is regenerated instead of being closed when a user logs in or logs out. A remote attacker can gain access to the session.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Path traversal

EUVDB-ID: #VU87847

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21221

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to insufficient sanitization of user-supplied passed via the ServeFile function. A remote attacker can use a backslash %5c character in the path and read contents of arbitrary files on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Infinite loop

EUVDB-ID: #VU87849

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-29482

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due the function readUvarint used to read the xz container format may not terminate a loop providing malicious input. A remote attacker can consume all available system resources and cause denial of service conditions.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Infinite loop

EUVDB-ID: #VU45699

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-16845

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop in "ReadUvarint" and "ReadVarint" in "encoding/binary". A remote attacker can consume all available system resources and cause denial of service conditions.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Resource management error

EUVDB-ID: #VU81871

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-42669

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to inclusion of the "rpcecho" server into production build, which can call sleep() on AD DC. A remote user can request the server block using the "rpcecho" server and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Out-of-bounds read

EUVDB-ID: #VU65006

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-38561

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition. A remote attacker can pass specially crafted input to the application, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Infinite loop

EUVDB-ID: #VU34248

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14040

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to golang.org/x/text/transform.String.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Cross-site scripting

EUVDB-ID: #VU80572

Risk: Medium

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-39318

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data within the html/template package when handling HMTL-like "<!--" and "-->" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. A remote attacker can pass specially crafted input to the application and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Use-after-free

EUVDB-ID: #VU81923

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-1192

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the smb2_is_status_io_timeout() function in Linux kernel. A local user can set environment variable to a specific value, trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Use-after-free

EUVDB-ID: #VU75337

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-45919

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in drivers/media/dvb-core/dvb_ca_en50221.c in Linux kernel. A local user can trigger a race condition and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Use-after-free

EUVDB-ID: #VU75333

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-45884

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in drivers/media/dvb-core/dvbdev.c in Linux kernel related to dvb_register_device() function dynamically allocating fops. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Resource management error

EUVDB-ID: #VU74862

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-29469

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources when working with hashes of empty dict strings. A remote attacker can and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) NULL pointer dereference

EUVDB-ID: #VU74863

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-28484

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in xmlSchemaFixupComplexType. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Inconsistent interpretation of HTTP requests

EUVDB-ID: #VU83633

Risk: Medium

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-49082

CWE-ID: CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.

The vulnerability exists due to improper validation of HTTP requests when processing HTTP request method. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.

Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Inconsistent interpretation of HTTP requests

EUVDB-ID: #VU83632

Risk: Medium

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-49081

CWE-ID: CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.

The vulnerability exists due to improper validation of HTTP requests when processing HTTP version. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.

Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Cross-site scripting

EUVDB-ID: #VU80573

Risk: Medium

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-39319

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists within the html/template package caused by improperly applied rules for handling occurrences of "<script", "<!--", and "</script" within JS literals in <script> contexts. A remote attacker can pass specially crafted input to the application and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Resource exhaustion

EUVDB-ID: #VU87851

Risk: Medium

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2014-9471

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Use-after-free

EUVDB-ID: #VU75994

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-2162

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a use-after-free error within the scsi_sw_tcp_session_create() function in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. A local user can trigger a use-after-free error and gain access to sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Observable discrepancy

EUVDB-ID: #VU86309

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-45287

CWE-ID: CWE-203 - Observable discrepancy

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a timing discrepancy when handling RSA based TLS key exchanges. A remote attacker can perform a Marvin attack and gain access to sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Inefficient Algorithmic Complexity

EUVDB-ID: #VU82548

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-46136

CWE-ID: CWE-407 - Inefficient Algorithmic Complexity

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to high resource usage when parsing multipart/form-data. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Inconsistent interpretation of HTTP requests

EUVDB-ID: #VU83631

Risk: Medium

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-47627

CWE-ID: CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.

The vulnerability exists due to improper validation of HTTP requests when AIOHTTP_NO_EXTENSIONS is enabled. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.

Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Inconsistent interpretation of HTTP requests

EUVDB-ID: #VU85835

Risk: Medium

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21647

CWE-ID: CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.

The vulnerability exists due to improper validation of HTTP requests when parsing chunked transfer encoding bodies. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.

Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Division by zero

EUVDB-ID: #VU76665

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-32573

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a divide by zero error in src/svg/qsvghandler.cpp. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Integer overflow

EUVDB-ID: #VU75482

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48468

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow within parse_required_member() function. A remote attacker can pass specially crafted data to the application, trigger integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Resource exhaustion

EUVDB-ID: #VU85848

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-6481

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources in logback receiver component. A remote attacker can send send poisoned data, trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Information disclosure

EUVDB-ID: #VU79263

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-20569

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote user to gain access to potentially sensitive information.

The vulnerability exists due to a side channel issue in AMD CPUs. A remote user can influence the return address prediction and gain unauthorized access to sensitive information on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Out-of-bounds write

EUVDB-ID: #VU79673

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-2163

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in BPF verifier caused by improper marking of registers for precision tracking in certain situations. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Cleartext transmission of sensitive information

EUVDB-ID: #VU80228

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-40217

CWE-ID: CWE-319 - Cleartext Transmission of Sensitive Information

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to an error in ssl.SSLSocket implementation when handling TLS client authentication. A remote attacker can trick the application to send data unencrypted.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Use-after-free

EUVDB-ID: #VU77641

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-34241

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error in cupsdAcceptClient(). A remote attacker can cause a denial of service condition on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Buffer overflow

EUVDB-ID: #VU75141

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-29491

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing malformed data in a terminfo database file. A local user can trigger memory corruption and execute arbitrary code on the target system.


Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Input validation error

EUVDB-ID: #VU75444

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-1981

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A local user can initiate a DBUS call to the daemon and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Information disclosure

EUVDB-ID: #VU77164

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-32681

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. A remote attacker can gain unauthorized access to sensitive information on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) Integer overflow

EUVDB-ID: #VU82942

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-5869

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in array modification. A remote user can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) Improper Certificate Validation

EUVDB-ID: #VU75606

Risk: Medium

CVSSv3.1: 5.9 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-31486

CWE-ID: CWE-295 - Improper Certificate Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to missing verification of the TLS certificate. A remote attacker can perform MitM attack and trick the application into downloading a malicious file.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) Out-of-bounds write

EUVDB-ID: #VU77450

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-3138

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within src/InitExt.c in libX11. A remote attacker can send specially crafted data to the server, trigger an out-of-bounds write and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) OS Command Injection

EUVDB-ID: #VU72575

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48339

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation within the hfy-istext-command() function when parsing the "file" and "srcdir" parameters, if a file name or directory name contains shell metacharacter. A remote attacker can execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) OS Command Injection

EUVDB-ID: #VU72573

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48337

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation when parsing name of a source-code file in lib-src/etags.c. A remote attacker can trick the victim use the "etags -u *" command on the directory with attacker controlled content and execute arbitrary OS commands on the target system.


Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) Heap-based buffer overflow

EUVDB-ID: #VU76761

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-32324

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the format_log_line() function cups/string.c when the "loglevel" is set to "DEBUG". A remote attacker can pass specially crafted data to the daemon, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) Out-of-bounds write

EUVDB-ID: #VU78928

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-3812

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the TUN/TAP device driver in Linux kernel. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

77) Resource exhaustion

EUVDB-ID: #VU71529

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3094

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources when handling DNS updates. A remote attacker can trigger resource exhaustion by sending a flood of dynamic DNS updates.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

78) Buffer overflow

EUVDB-ID: #VU81437

Risk: Low

CVSSv3.1: 8.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2023-4911

CWE-ID: CWE-119 - Memory corruption

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient validation of GLIBC_TUNABLES environment variable. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

79) Path traversal

EUVDB-ID: #VU85950

Risk: Medium

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-20218

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to malicious pod/container can cause applications using the fabric8 kubernetes-client `copy` command to extract files outside the working path. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

80) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU75432

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-30630

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions when executing the command with the "--dump-bin" option. A local user can overwrite arbitrary files on the system and escalate privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

81) Improper Certificate Validation

EUVDB-ID: #VU78913

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-29409

CWE-ID: CWE-295 - Improper Certificate Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to verifying certificate chains containing large RSA keys is slow. A remote attacker can cause a client/server to expend significant CPU time verifying signatures.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

82) Use-after-free

EUVDB-ID: #VU83384

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-5633

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error when running inside a VMware guest with 3D acceleration enabled. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

83) Use-after-free

EUVDB-ID: #VU82658

Risk: Low

CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2023-5178

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes

Description

The vulnerability allows a local authenticated user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the drivers/nvme/target/tcp.c in nvmet_tcp_free_crypto due to a logical bug in the NVMe-oF/TCP subsystem in the Linux kernel. A local authenticated user can trigger a use-after-free error and escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

84) Use-after-free

EUVDB-ID: #VU80583

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-4622

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the unix_stream_sendpage() function in af_unix component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

85) Out-of-bounds write

EUVDB-ID: #VU81663

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-42753

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the netfilter subsystem in Linux kernel. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps : before 4.4.0

External links

http://www.ibm.com/support/pages/node/7113751


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###