SB2024050215 - Multiple vulnerabilities in IBM Cognos Analytics

Published: May 2, 2024

Security Bulletin ID: SB2024050215
Severity: High
Patch available: YES
Number of vulnerabilities: 10
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High 30% Medium 70%

Description

This security bulletin contains information about 10 security vulnerabilities.


1) Security features bypass (CVE-ID: CVE-2024-25047)

The vulnerability allows a remote attacker to modify data on the system.

The vulnerability exists due to improper sanitizing of user provided data. A remote unauthenticated attacker can trigger the vulnerability and modify data on the system.


2) Authorization bypass through user-controlled key (CVE-ID: CVE-2023-44981)

The vulnerability allows a remote attacker to bypass the authorization process.

The vulnerability exists due to improper implementation of SASL Quorum Peer authentication. The instance part of the SASL authentication ID, which is listed in the zoo.cfg server list, is optional, and if it is missing, the authorization check is skipped. As a result, an arbitrary endpoint could join the cluster and begin propagating counterfeit changes to the leader, essentially giving it complete read-write access to the data tree.


3) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2023-5072)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to allocation of resources without limits or throttling. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.


4) Resource exhaustion (CVE-ID: CVE-2023-34462)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists because the application does not properly control consumption of internal resources if no idle timeout handler is configured. A remote attacker can send a client hello packet, which leads the server to buffer up to 16MB of data per connection and results in a denial of service condition.


5) Use of a broken or risky cryptographic algorithm (CVE-ID: CVE-2022-23540)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to insecure default algorithm in jwt.verify(). A remote attacker can cause signature validation bypass.


6) Use of a broken or risky cryptographic algorithm (CVE-ID: CVE-2022-23541)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to an insecure implementation of the key retrieval function. A remote attacker can cause successful validation of forged tokens.


7) Use of a broken or risky cryptographic algorithm (CVE-ID: CVE-2022-23539)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists because insecure key types are used for signature verification. A remote user can enable legacy key usage.


8) Improper Certificate Validation (CVE-ID: CVE-2023-31484)

The vulnerability allows a remote attacker to perform a MitM attack.

The vulnerability exists due to missing verification of the TLS certificate when downloading distributions. A remote attacker can perform a MitM attack and trick the application into downloading a malicious file.


9) Prototype pollution (CVE-ID: CVE-2020-15366)

The disclosed vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can inject and execute arbitrary script code.


10) Improper validation of certificate with host mismatch (CVE-ID: CVE-2021-28363)

The vulnerability allows a remote attacker to perform a MitM attack.

The vulnerability exists because the urllib3 library for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy (if an SSLContext isn't given via proxy_config) doesn't verify the hostname of the certificate. This means certificates for different servers that still validate properly with the default urllib3 SSLContext will be silently accepted. A remote attacker can supply a valid SSL certificate for a different hostname and perform a Man-in-the-Middle (MitM) attack.


Remediation

Install update from vendor's website.