SB2025060221 - Multiple vulnerabilities in IBM Knowledge Catalog for IBM Cloud Pak for Data

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025060221

SB2025060221 - Multiple vulnerabilities in IBM Knowledge Catalog for IBM Cloud Pak for Data

Published: June 2, 2025 Updated: December 16, 2025

Security Bulletin ID SB2025060221
Severity
High
Patch available
YES
Number of vulnerabilities 30
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 13% Medium 50% Low 37%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 30 secuirty vulnerabilities.


1) Not a vulnerability (CVE-ID: CVE-2024-6531)

The reported issue was reviewed and determined not to constitute a security vulnerability.

Original description:

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data passed via an anchor element (<a>), when used for carousel navigation with a data-slide attribute. A remote attacker can execute arbitrary JavaScript code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.


2) Type Confusion (CVE-ID: CVE-2024-6119)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a type confusion error when performing certificate name checks. A remote attacker can supply a specially crafted X.509 certificate to the server, trigger a type confusion error and perform a denial of service (DoS) attack.


3) Path traversal (CVE-ID: CVE-2024-49766)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to input validation error when processing UNC paths on Windows. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.


4) Resource exhaustion (CVE-ID: CVE-2024-49767)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources within the werkzeug.formparser.MultiPartParser. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.


5) Incorrect default permissions (CVE-ID: CVE-2024-23454)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to the RunJar.run() method does not set permissions for temporary directory by default. A local user with access to the system can view contents of files and directories.


6) Deserialization of Untrusted Data (CVE-ID: CVE-2021-25642)

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to ZKConfigurationStore which is optionally used by CapacityScheduler of Apache Hadoop YARN deserializes data obtained from ZooKeeper without validation. A remote user with an access to ZooKeeper can run arbitrary commands as YARN user by exploiting this vulnerability.


7) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-33036)

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to improper permission assignment, which leads to security restrictions bypass and privilege escalation.


8) Inefficient regular expression complexity (CVE-ID: CVE-2024-52798)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation when processing untrusted input with a regular expressions. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.

9) Security features bypass (CVE-ID: CVE-2024-56201)

The vulnerability allows a local user to bypass sandbox restrictions.

The vulnerability exists due to improper validation of user-supplied input.  A local user with the ability to control both the filename and the contents of a template can bypass sandbox restrictions.


10) Infinite loop (CVE-ID: CVE-2024-55565)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop. A remote user can consume all available system resources and cause denial of service conditions.


11) Improper Authorization (CVE-ID: CVE-2024-38827)

The vulnerability allows a remote attacker to bypass authorization.

The vulnerability exists due to presence of Locale dependent exceptions when using String.toLowerCase() and String.toUpperCase() for string comparison. A remote attacker can bypass authorization rules using specially crafted input.

Note, the vulnerability is related to #VU98795 (CVE-2024-38820).


12) Improper verification of cryptographic signature (CVE-ID: CVE-2024-48948)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect validation of valid signatures if the hash contains at least four leading 0 bytes and when the order of the elliptic curve's base point is smaller than the hash, because of an _truncateToN anomaly. Such behavior leads to valid signatures being rejected.


13) Resource exhaustion (CVE-ID: CVE-2023-52428)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper validation of user requests by the PasswordBasedDecrypter (PBKDF2) component. A remote attacker can send a specially crafted request using a large JWE p2c header, trigger resource exhaustion and perform a denial of service (DoS) attack.


14) Infinite loop (CVE-ID: CVE-2024-5569)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop. A remote attacker can pass a specially crafted zip file to the application, consume all available system resources and cause denial of service conditions.


15) Improper input validation (CVE-ID: CVE-2022-34169)

The vulnerability allows a remote non-authenticated attacker to compromise the affected system.

The vulnerability exists due to an integer truncation issue when processing malicious XSLT stylesheets. A remote non-authenticated attacker can pass specially crafted data to the application to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode.


16) Security features bypass (CVE-ID: CVE-2024-56326)

The vulnerability allows a local user to bypass sandbox restrictions.

The vulnerability exists in the way the Jinja sandboxed environment detects calls to str.format.  A local user with the ability to control the contents of a template can bypass sandbox restrictions.

17) Deserialization of Untrusted Data (CVE-ID: CVE-2022-45047)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insecure input validation when processing serialized data within the org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider class. A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


18) Input validation error (CVE-ID: CVE-2017-16026)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. If a request is made using ```multipart```, and the body type is a ```number```, then the specified number of non-zero memory is passed in the body. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.


19) Inefficient regular expression complexity (CVE-ID: CVE-2024-45296)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation when processing untrusted input with a regular expressions. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.


20) Inadequate Encryption Strength (CVE-ID: CVE-2024-41909)

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to incorrect implementation of the SSH Binary Packet Protocol (BPP), which mishandles the handshake phase and the use of sequence numbers. A remote attacker can perform MitM attack and delete the SSH2_MSG_EXT_INFO message sent before authentication starts, allowing the attacker to disable a subset of the keystroke timing obfuscation features and perform "Terrapin attack".


21) Inadequate encryption strength (CVE-ID: CVE-2023-48795)

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to incorrect implementation of the SSH Binary Packet Protocol (BPP), which mishandles the handshake phase and the use of sequence numbers. A remote attacker can perform MitM attack and delete the SSH2_MSG_EXT_INFO message sent before authentication starts, allowing the attacker to disable a subset of the keystroke timing obfuscation features introduced in OpenSSH 9.5.

The vulnerability was dubbed "Terrapin attack" and it affects both client and server implementations.


22) UNIX symbolic link following (CVE-ID: CVE-2023-35887)

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to insecure symlink following that lead to files outside the RootedFileSystem. A remote user can identify presence of files on the system.


23) Input validation error (CVE-ID: CVE-2024-38809)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when parsing ETags from "If-Match" or "If-None-Match" request headers. A remote attacker can send a specially crafted HTTP request to the application and perform a denial of service (DoS) attack.


24) Insufficient verification of data authenticity (CVE-ID: CVE-2021-37533)

The vulnerability allows an attacker to redirect victim to a malicious host.

The vulnerability exists due to the application trusts the host from PASV response by default. A remote attacker can trick the victim into connecting to an attacker controlled FTP server and then redirect the application to another host.


25) Input validation error (CVE-ID: CVE-2024-47764)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient validation of user-supplied cookies. A remote attacker can pass a specially crafted cookie to the application and alter values passed to the application.


26) Infinite loop (CVE-ID: CVE-2024-30172)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop in the Ed25519 verification code. A remote attacker can pass a specially signature and public key to the application, consume all available system resources and cause denial of service conditions.


27) Resource exhaustion (CVE-ID: CVE-2024-29857)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to library does not properly control consumption of internal resources when importing an EC certificate with specially crafted F2m parameters. A remote attacker can pass a specially crafted certificate to the application to trigger resource exhaustion and perform a denial of service (DoS) attack.


28) Observable discrepancy (CVE-ID: CVE-2024-30171)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a possible timing based leakage in RSA based handshakes. A remote attacker can gain access to sensitive information.


29) Incorrect Regular Expression (CVE-ID: CVE-2024-21538)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation when processing regular expressions. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.


30) Resource exhaustion (CVE-ID: CVE-2017-16138)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources when mime lookup is performed on untrusted user input. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.


Remediation

Install update from vendor's website.

References