Multiple vulnerabilities in IBM Sterling Order Management



Published: 2024-04-17
Risk: High
Patch available: YES
Number of vulnerabilities: 23
CVE-ID: CVE-2021-31805, CVE-2013-2248, CVE-2013-2135, CVE-2013-2134, CVE-2013-1966, CVE-2013-1965, CVE-2012-4387, CVE-2012-0838, CVE-2012-0393, CVE-2012-0392, CVE-2012-0391, CVE-2010-1870, CVE-2020-17530, CVE-2019-0233, CVE-2019-0230, CVE-2017-12611, CVE-2016-4436, CVE-2016-3082, CVE-2015-5209, CVE-2014-0113, CVE-2014-0112, CVE-2013-4316, CVE-2013-2115
CWE-ID: CWE-94, CWE-20, CWE-233, CWE-264, CWE-254, CWE-284, CWE-121, CWE-16
Exploitation vector: Network
Public exploit:
Public exploit code for vulnerability #1 is available.
Public exploit code for vulnerability #2 is available.
Public exploit code for vulnerability #4 is available.
Public exploit code for vulnerability #10 is available.
Vulnerability #11 is being exploited in the wild.
Public exploit code for vulnerability #12 is available.
Vulnerability #13 is being exploited in the wild.
Public exploit code for vulnerability #15 is available.
Public exploit code for vulnerability #16 is available.
Public exploit code for vulnerability #21 is available.
Public exploit code for vulnerability #23 is available.
Vulnerable software
IBM Sterling Order Management
Other software / Other software solutions

Vendor: IBM Corporation

Security Bulletin

This security bulletin contains information about 23 vulnerabilities.

1) Code Injection

EUVDB-ID: #VU62084

Risk: High

CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2021-31805

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation caused by an incomplete fix for #VU48815 (CVE-2020-17530). Some tag attributes could still perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Sterling Order Management : before 10.0.2403.1

External links

http://www.ibm.com/support/pages/node/7148203


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Input validation error

EUVDB-ID: #VU88759

Risk: Medium

CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2013-2248

CWE-ID: CWE-20 - Improper input validation

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to perform redirect attacks.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Sterling Order Management : before 10.0.2403.1

External links

http://www.ibm.com/support/pages/node/7148203


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

3) Code Injection

EUVDB-ID: #VU88752

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2013-2135

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation. A remote attacker can send a specially crafted request and execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Sterling Order Management : before 10.0.2403.1

External links

http://www.ibm.com/support/pages/node/7148203


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Code Injection

EUVDB-ID: #VU88754

Risk: High

CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2013-2134

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation. A remote attacker can execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Sterling Order Management : before 10.0.2403.1

External links

http://www.ibm.com/support/pages/node/7148203


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

5) Code Injection

EUVDB-ID: #VU88757

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2013-1966

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation. A remote attacker can execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Sterling Order Management : before 10.0.2403.1

External links

http://www.ibm.com/support/pages/node/7148203


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper Handling of Parameters

EUVDB-ID: #VU88744

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2013-1965

CWE-ID: CWE-233 - Improper Handling of Parameters

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper handling of parameters. A remote unauthenticated attacker can trigger the vulnerability and execute arbitrary OGNL code via a crafted parameter name.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Sterling Order Management : before 10.0.2403.1

External links

http://www.ibm.com/support/pages/node/7148203


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU88746

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2012-4387

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists because the application does not properly impose security restrictions. A remote attacker can cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Sterling Order Management : before 10.0.2403.1

External links

http://www.ibm.com/support/pages/node/7148203


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Input validation error

EUVDB-ID: #VU88747

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2012-0838

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists because Apache Struts evaluates a string as an OGNL expression during the handling of a conversion error. A remote attacker can pass specially crafted input to the application to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Sterling Order Management : before 10.0.2403.1

External links

http://www.ibm.com/support/pages/node/7148203


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU88750

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2012-0393

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists because the parameterInterceptor component in Apache Struts does not prevent access to public constructors. A remote attacker can create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Sterling Order Management : before 10.0.2403.1

External links

http://www.ibm.com/support/pages/node/7148203


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Code Injection

EUVDB-ID: #VU49061

Risk: High

CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2012-0392

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper access restrictions within the CookieInterceptor component in Apache Struts. A remote attacker can send a specially crafted HTTP Cookie header that triggers Java code execution through a static method and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Sterling Order Management : before 10.0.2403.1

External links

http://www.ibm.com/support/pages/node/7148203


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

11) Code Injection

EUVDB-ID: #VU49062

Risk: High

CVSSv3.1: 9.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2012-0391

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation within the ExceptionDelegator component in Apache Struts when interpreting parameter values as OGNL expressions during certain exception handling for mismatched data types of properties. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Sterling Order Management : before 10.0.2403.1

External links

http://www.ibm.com/support/pages/node/7148203


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

12) Security features bypass

EUVDB-ID: #VU88567

Risk: Medium

CVSSv3.1: 4.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:F/RL:O/RC:C]

CVE-ID: CVE-2010-1870

CWE-ID: CWE-254 - Security Features

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to bypass security restrictions.

The vulnerability exists because the OGNL extensive expression evaluation capability in XWork in Struts uses a permissive whitelist. A remote attacker can bypass security restrictions.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Sterling Order Management : before 10.0.2403.1

External links

http://www.ibm.com/support/pages/node/7148203


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.

13) Code Injection

EUVDB-ID: #VU48815

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2020-17530

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation when processing certain tag attributes. The application performs double evaluation of the code if a developer applied forced OGNL evaluation by using the %{...} syntax. A remote attacker can send a specially crafted request to the application and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Sterling Order Management : before 10.0.2403.1

External links

http://www.ibm.com/support/pages/node/7148203


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

14) Improper access control

EUVDB-ID: #VU45702

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-0233

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists because stack-accessible values (e.g. Action properties) of type java.io.File and java.nio.File, as well as other classes from these standard library packages, are not properly protected by the framework. When a file upload is performed to an Action that exposes the file with a getter, an attacker may manipulate the request such that the working copy of the uploaded file is set to read-only. As a result, subsequent actions on the file will fail with an error. It might also be possible to set the Servlet container's temp directory to read-only, such that subsequent upload actions will fail.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Sterling Order Management : before 10.0.2403.1

External links

http://www.ibm.com/support/pages/node/7148203


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Code Injection

EUVDB-ID: #VU45703

Risk: High

CVSSv3.1: 9.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C]

CVE-ID: CVE-2019-0230

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The Apache Struts framework, when forced, performs double evaluation of attribute values assigned to certain tag attributes such as id, so it is possible to pass in a value that will be evaluated again when the tag's attributes are rendered. With a carefully crafted request, this can lead to Remote Code Execution (RCE).

The problem only applies when forcing OGNL evaluation inside a Struts tag attribute, when the expression to evaluate references raw, unvalidated input that an attacker is able to directly modify by crafting a corresponding request.

Example:

<s:url var="url" namespace="/employee" action="list"/><s:a id="%{skillName}" href="%{url}">List available Employees</s:a>

If an attacker is able to modify the skillName attribute in a request such that a raw OGNL expression gets passed to the skillName property without further validation, the provided OGNL expression contained in the skillName attribute gets evaluated when the tag is rendered as a result of the request.
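
A static review aid for the pattern described above, as an added example (not code from this advisory or from Apache Struts): it lists every Struts tag attribute in JSP source that forces OGNL evaluation with %{...}, and puts first those whose root property the reviewer has marked as settable from the request. The `s:` taglib prefix, the sample JSP and the `request_settable` set are assumptions.

```python
import re
from dataclasses import dataclass

# Opening Struts tag with quoted attributes. "s" is the conventional taglib
# prefix (assumption: the application has not remapped it).
TAG_RE = re.compile(
    r"""<s:(\w+)((?:\s+[\w:.-]+\s*=\s*(?:"[^"]*"|'[^']*'))*)\s*/?>""")
ATTR_RE = re.compile(r"""([\w:.-]+)\s*=\s*(?:"([^"]*)"|'([^']*)')""")
# Forced OGNL evaluation. Simplification: nested braces are not handled.
FORCED_RE = re.compile(r"%\{(.*?)\}", re.S)
# First identifier of the expression, e.g. "skillName" or "#parameters".
ROOT_RE = re.compile(r"#?[A-Za-z_]\w*")


@dataclass(frozen=True)
class Finding:
    line: int               # 1-based line where the tag opens
    tag: str                # tag name without the "s:" prefix
    attribute: str          # attribute holding the forced expression
    expression: str         # text between %{ and }
    request_settable: bool  # root property can be set from the request


def audit_jsp(source, request_settable=frozenset()):
    """Return forced-evaluation attributes, request-settable ones first.

    request_settable is supplied by the reviewer: Action property names that
    have public setters and are therefore bound from request parameters.
    """
    findings = []
    for tag in TAG_RE.finditer(source):
        line = source.count("\n", 0, tag.start()) + 1
        for attr in ATTR_RE.finditer(tag.group(2)):
            value = attr.group(2) if attr.group(2) is not None else attr.group(3)
            for forced in FORCED_RE.finditer(value):
                expr = forced.group(1).strip()
                root = ROOT_RE.match(expr)
                name = root.group(0) if root else None
                # "#parameters" is the request-parameter map in the OGNL context.
                flagged = name in request_settable or name == "#parameters"
                findings.append(
                    Finding(line, tag.group(1), attr.group(1), expr, flagged))
    # sorted() is stable, so attribute order within a tag is preserved.
    return sorted(findings, key=lambda f: (not f.request_settable, f.line))


# Constructed sample: the advisory's two tags plus two tags without %{...}.
SAMPLE_JSP = "\n".join([
    '<s:url var="url" namespace="/employee" action="list"/>',
    '<s:a id="%{skillName}" href="%{url}">List available Employees</s:a>',
    '<s:textfield name="skillName" label="Skill"/>',
    '<s:property value="description"/>',
])

if __name__ == "__main__":
    for f in audit_jsp(SAMPLE_JSP, {"skillName"}):
        mark = "REQUEST-SETTABLE" if f.request_settable else "review"
        print(f"line {f.line}: <s:{f.tag} {f.attribute}> "
              f"%{{{f.expression}}} [{mark}]")
```

A hit is a review lead, not proof: whether the property actually carries unvalidated input has to be checked in the Action class.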

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Sterling Order Management : before 10.0.2403.1

External links

http://www.ibm.com/support/pages/node/7148203


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.

16) Remote code execution

EUVDB-ID: #VU8213

Risk: Medium

CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-12611

CWE-ID: CWE-20 - Improper input validation

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code.

The weakness exists due to the unsafe use of writable expression values in Freemarker content. A remote attacker can add malicious values to writable expressions that the attacker submits to the affected application for processing and execute arbitrary code in the security context of the affected application.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Sterling Order Management : before 10.0.2403.1

External links

http://www.ibm.com/support/pages/node/7148203


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

17) Stack-based buffer overflow

EUVDB-ID: #VU88741

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-4436

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists via vectors related to improper action name clean up. A remote unauthenticated attacker can trigger the vulnerability and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Sterling Order Management : before 10.0.2403.1

External links

http://www.ibm.com/support/pages/node/7148203


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Improper Handling of Parameters

EUVDB-ID: #VU88742

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-3082

CWE-ID: CWE-233 - Improper Handling of Parameters

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper handling of parameters. A remote unauthenticated attacker can trigger the vulnerability and execute arbitrary code via the stylesheet location parameter.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Sterling Order Management : before 10.0.2403.1

External links

http://www.ibm.com/support/pages/node/7148203


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Input validation error

EUVDB-ID: #VU82284

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2015-5209

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to modify data on the system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can pass specially crafted input to manipulate Struts internals, alter user sessions, or affect container settings via vectors involving a top object.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Sterling Order Management : before 10.0.2403.1

External links

http://www.ibm.com/support/pages/node/7148203


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU88558

Risk: Medium

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2014-0113

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists because CookieInterceptor in Apache Struts does not properly restrict access to the getClass method when a wildcard cookiesName value is used. A remote attacker can "manipulate" the ClassLoader and execute arbitrary code via a crafted request.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Sterling Order Management : before 10.0.2403.1

External links

http://www.ibm.com/support/pages/node/7148203


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU68588

Risk: High

CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2014-0112

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper access restrictions within the getClass method in ParametersInterceptor. A remote non-authenticated attacker can manipulate the ClassLoader via a specially crafted request and execute arbitrary code on the system.

Note: the vulnerability exists due to an incomplete fix for #VU5234 (CVE-2014-0094).

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Sterling Order Management : before 10.0.2403.1

External links

http://www.ibm.com/support/pages/node/7148203


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

22) Configuration

EUVDB-ID: #VU82186

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2013-4316

CWE-ID: CWE-16 - Configuration

Exploit availability: No

Description

The issue may allow a remote attacker to bypass implemented security restrictions.

The issue exists because Apache Struts enables Dynamic Method Invocation by default. A remote attacker can trigger the vulnerability to bypass implemented security restrictions.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Sterling Order Management : before 10.0.2403.1

External links

http://www.ibm.com/support/pages/node/7148203


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Code Injection

EUVDB-ID: #VU88559

Risk: High

CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C]

CVE-ID: CVE-2013-2115

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability occurs when a crafted request is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Sterling Order Management : before 10.0.2403.1

External links

http://www.ibm.com/support/pages/node/7148203


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.


