SB2025051252 - RSA Authentication Manager update for third-party components
Published: May 12, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 37 secuirty vulnerabilities.
1) Incorrect privilege assignment (CVE-ID: CVE-2024-10978)
The vulnerability allows a remote user to escalate privileges within the application.
The vulnerability exists due to incorrect privilege assignment when application uses SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. A remote user can force the application to reset their role to a wrong user ID and view or change different rows from those intended.
2) Path traversal (CVE-ID: CVE-2024-12088)
The vulnerability allows a remote server to write files to arbitrary locations on the system.
3) Information disclosure (CVE-ID: CVE-2024-12086)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application when handling checksums. A remote attacker can trick the victim into connecting to an attacker-controlled server and enumerate contents of arbitrary files on the client's machine, basically allowing a rouge server to read contents byte-by-byte of any file on the client's system.
This issue occurs when files are being copied from a client to a server.
4) Resource exhaustion (CVE-ID: CVE-2023-47108)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to grpc Unary Server Interceptor does not properly control consumption of internal resources when processing multiple requests. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
5) Resource exhaustion (CVE-ID: CVE-2023-45142)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect processing of HTTP header User-Agent and HTTP method. A remote attacker can send multiple requests with long randomly generated HTTP methods or/and User agents and consume memory resources, leading to a denial of service condition.6) Incorrect authorization (CVE-ID: CVE-2024-41110)
The vulnerability allows a remote attacker to bypass authorization checks.
The vulnerability exists due to AuthZ zero length regression. A remote user can bypass authentication and gain elevated privileges.
7) Man-in-the-Middle (MitM) attack (CVE-ID: CVE-2024-10977)
The vulnerability allows a remote attacker to spoof error messages from the database.
The vulnerability exists due to an error in libpq, which allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. A remote attacker can perform a man-in-the-middle attack to send a long error message that a human or screen-scraper user of psql mistakes for valid query results.
8) Improper authorization (CVE-ID: CVE-2024-10979)
The vulnerability allows a remote user to compromise the affected system.
The vulnerability exists due to incorrect control of environment variables. A remote unprivileged database user can change sensitive process environment variables (e.g. PATH) and execute arbitrary code on the database server.
9) Improper privilege management (CVE-ID: CVE-2024-10976)
The vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to improper privilege management in cases where a subquery, WITH query, security invoker view, or SQL-language function references a table with a row-level security policy. A remote user can bypass implemented security restrictions and gain unauthorized access to the database in cases where role-specific policies are used and a given query is planned under one role and then executed under other roles.
10) Path traversal (CVE-ID: CVE-2024-12087)
The vulnerability allows a remote server to write files to arbitrary locations on the system.
The vulnerability exists due to input validation error when using "--inc-recursive" option. A remote attacker can can trick the victim into connecting to a rouge rsync server and write arbitrary files to arbitrary locations on the client system.
11) Improper input validation (CVE-ID: CVE-2025-21502)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
12) Improper input validation (CVE-ID: CVE-2025-21535)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The vulnerability exists due to improper input validation within the Core component in Oracle WebLogic Server. A remote non-authenticated attacker can exploit this vulnerability to execute arbitrary code.
13) Resource exhaustion (CVE-ID: CVE-2024-47554)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when handling untrusted input passed to the org.apache.commons.io.input.XmlStreamReader class. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
14) Improper input validation (CVE-ID: CVE-2025-21549)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Core component in Oracle WebLogic Server. A remote non-authenticated attacker can exploit this vulnerability to perform a denial of service (DoS) attack.
15) Resource exhaustion (CVE-ID: CVE-2024-29857)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to library does not properly control consumption of internal resources when importing an EC certificate with specially crafted F2m parameters. A remote attacker can pass a specially crafted certificate to the application to trigger resource exhaustion and perform a denial of service (DoS) attack.
16) Cross-site scripting (CVE-ID: CVE-2024-23635)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data when parsing comment tags. A remote attacker can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of the vulnerability requires that the preserveComments directive is enabled in policy file.
17) Race condition (CVE-ID: CVE-2024-12747)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a race condition when handling symbolic links. A local user can replace a file with a symbolic link, bypass implemented protection in rsync that prevents software from following symbolic links and read contents of arbitrary files on the system with elevated privileges.
18) Use of Uninitialized Variable (CVE-ID: CVE-2024-12085)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to information leak when comparing file checksums. A remote attacker can pass specially crafted data to the daemon and read 1 byte of uninitialized memory from stack.
19) Resource exhaustion (CVE-ID: CVE-2024-12133)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources processing a large number of SEQUENCE OF or SET OF elements in a certificate. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
20) Buffer overflow (CVE-ID: CVE-2024-42145)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the MODULE_AUTHOR(), __get_agent(), send_handler(), recv_handler() and ib_umad_read() functions in drivers/infiniband/core/user_mad.c. A local user can perform a denial of service (DoS) attack.
21) Input validation error (CVE-ID: CVE-2024-57791)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the smc_clc_wait_msg() function in net/smc/smc_clc.c. A local user can perform a denial of service (DoS) attack.
22) Out-of-bounds read (CVE-ID: CVE-2022-3435)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the fib_nh_match() function in net/ipv4/fib_semantics.c IPv4 handler. A remote attacker can send specially crafted data to the system, trigger an out-of-bounds read error and read contents of memory on the system.
23) Input validation error (CVE-ID: CVE-2022-48960)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hix5hd2_rx() function in drivers/net/ethernet/hisilicon/hix5hd2_gmac.c. A local user can perform a denial of service (DoS) attack.
24) Input validation error (CVE-ID: CVE-2022-48962)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hisi_femac_rx() function in drivers/net/ethernet/hisilicon/hisi_femac.c. A local user can perform a denial of service (DoS) attack.
25) Input validation error (CVE-ID: CVE-2022-48967)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nci_add_new_protocol() function in net/nfc/nci/ntf.c. A local user can perform a denial of service (DoS) attack.
26) NULL pointer dereference (CVE-ID: CVE-2023-46343)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the send_acknowledge() function in net/nfc/nci/spi.c. A local user can pass specially crafted data to the system and perform a denial of service (DoS) attack.
27) Spoofing attack (CVE-ID: CVE-2023-52881)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to an error within the tcp_ack() function in net/ipv4/tcp_input.c, which can result in system accepting ACK responses for bytes that were never sent. A remote attacker can perform spoofing attack.
28) Input validation error (CVE-ID: CVE-2024-49974)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nfs4_state_create_net() function in fs/nfsd/nfs4state.c, within the nfs4_put_copy() and nfsd4_copy() functions in fs/nfsd/nfs4proc.c. A local user can perform a denial of service (DoS) attack.
29) Input validation error (CVE-ID: CVE-2024-20380)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the HTML file parser. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
30) Off-by-one (CVE-ID: CVE-2024-52533)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an off-by-one error in gio/gsocks4aproxy.c when handling responses from SOCKS4 proxy. A remote attacker can trick the victim into connecting to a malicious SOCKS4 proxy server, trigger an off-by-one error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
31) Information disclosure (CVE-ID: CVE-2025-0167)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to application can leak credentials when asked to use a .netrc file for credentials and to follow HTTP redirects. A remote attacker can gain access to sensitive information.
32) Integer overflow (CVE-ID: CVE-2025-0725)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow when handling gzip decompression of content-encoded HTTP responses with the CURLOPT_ACCEPT_ENCODING option using zlib 1.2.0.3 or older. A remote attacker can send specially crafted response to the application, trigger an integer overflow and execute arbitrary code on the target system.
33) Covert Timing Channel (CVE-ID: CVE-2024-13176)
The vulnerability allows a remote attacker to recover a private key.
The vulnerability exists due to a timing side-channel in ECDSA signature computations. A remote attacker can recover the private key and decrypt data.
Successful exploitation of the vulnerability requires that the attacker's process must either be located in the same physical computer or must have a very fast network connection with low latency.
34) Out-of-bounds read (CVE-ID: CVE-2024-20505)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the PDF file parser. A remote attacker can pass a specially crafted PDF file to the antivirus, trigger an out-of-bounds read error and crash the antivirus engine.
35) Infinite loop (CVE-ID: CVE-2023-20197)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop in the HFS+ file parser. A remote attacker can consume all available system resources and cause denial of service conditions.
36) Heap-based buffer overflow (CVE-ID: CVE-2025-20128)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when decrypting OLE2 file format. A remote attacker can pass a specially crafted file to the application, trigger a heap-based buffer overflow and perform a denial of service (DoS) attack.
37) Stack-based buffer overflow (CVE-ID: CVE-2018-14679)
The vulnerability allows a local attacker to cause DoS condition on the target system.
The vulnerability exists due to stack-based buffer overflow the read_chunk function, as defined in the mspack/chmd.c source code file. A local attacker can send a specially crafted request that submits malicious input, trigger memory corruption and cause the service to crash.
Remediation
Install update from vendor's website.