SB2024071780 - Multiple vulnerabilities in IBM Event Streams

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2024071780

SB2024071780 - Multiple vulnerabilities in IBM Event Streams

Published: July 17, 2024

Security Bulletin ID SB2024071780
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 vulnerabilities.


1) Improper input validation (CVE-ID: CVE-2020-29582)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Signaling (Calico) component in Oracle Communications Cloud Native Core Network Slice Selection Function. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.


2) Security features bypass (CVE-ID: CVE-2022-24329)

CWE-ID: CWE-254 - Security Features

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote user to bypass certain security restrictions.

The vulnerability exists due to unspecified error, related to the ability to lock dependencies for Kotlin Multiplatform Gradle projects.



Remediation

Install update from vendor's website.

References