Multiple vulnerabilities in IBM Jazz for Service Management
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 11 |
| CVE-ID | CVE-2018-11775 CVE-2022-23307 CVE-2020-9493 CVE-2021-4104 CVE-2017-5643 CVE-2019-0188 CVE-2020-11971 CVE-2022-41678 CVE-2019-0222 CVE-2023-26464 CVE-2022-23302 CVE-2021-33813 |
| CWE-ID | CWE-297 CWE-502 CWE-918 CWE-611 CWE-350 CWE-400 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Jazz for Service Management Server applications / Other server solutions |
| Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 11 vulnerabilities.
1) Improper validation of certificate with host mismatch
EUVDB-ID: #VU14741
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-11775
CWE-ID:
CWE-297 - Improper Validation of Certificate with Host Mismatch
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a MitM attack.
The vulnerability exists due to the Apache ActiveMQ Client does not validate hostname when using SSL/TLS protocol to connect to the Apache ActiveMQ server. A remote attacker can perform a Man-in-the-Middle (MitM) attack and intercept all traffic between Java client and ActiveMQ server.
MitigationInstall update from vendor's website.
Vulnerable software versionsJazz for Service Management: 1.1.3 - 1.1.3.24
CPE2.3- cpe:2.3:a:ibm_corporation:jazz_for_service_management:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:jazz_for_service_management:1.1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:jazz_for_service_management:1.1.3.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7237567
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Deserialization of Untrusted Data
EUVDB-ID: #VU59693
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-23307,CVE-2020-9493
CWE-ID:
CWE-502 - Deserialization of Untrusted Data
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data. A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsJazz for Service Management: 1.1.3 - 1.1.3.24
CPE2.3- cpe:2.3:a:ibm_corporation:jazz_for_service_management:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:jazz_for_service_management:1.1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:jazz_for_service_management:1.1.3.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7237567
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Deserialization of Untrusted Data
EUVDB-ID: #VU58977
Risk: Medium
CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-4104
CWE-ID:
CWE-502 - Deserialization of Untrusted Data
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data in JMSAppender, when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution.
Note this issue only affects Log4j 1.2 when specifically configured to
use JMSAppender, which is not the default.
Install update from vendor's website.
Vulnerable software versionsJazz for Service Management: 1.1.3 - 1.1.3.24
CPE2.3- cpe:2.3:a:ibm_corporation:jazz_for_service_management:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:jazz_for_service_management:1.1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:jazz_for_service_management:1.1.3.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7237567
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Server-Side Request Forgery (SSRF)
EUVDB-ID: #VU111924
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2017-5643
CWE-ID:
CWE-918 - Server-Side Request Forgery (SSRF)
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform SSRF attacks.
The vulnerability exists due to validation Component of Apache Camel evaluates DTD headers of XML stream sources, although a validation against XML schemas (XSD) is executed. A remote attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems.
Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsJazz for Service Management: 1.1.3 - 1.1.3.24
CPE2.3- cpe:2.3:a:ibm_corporation:jazz_for_service_management:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:jazz_for_service_management:1.1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:jazz_for_service_management:1.1.3.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7237567
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) XML External Entity injection
EUVDB-ID: #VU18570
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2019-0188
CWE-ID:
CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform XXE attacks.
The vulnerability exists due to usage of a third-party JSON-lib library vulnerable to XML external entity injection attacks. A remote attacker can send a specially crafted request to the affected application and read contents of arbitrary file on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versionsJazz for Service Management: 1.1.3 - 1.1.3.24
CPE2.3- cpe:2.3:a:ibm_corporation:jazz_for_service_management:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:jazz_for_service_management:1.1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:jazz_for_service_management:1.1.3.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7237567
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Reliance on Reverse DNS Resolution for a Security-Critical Action
EUVDB-ID: #VU27956
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2020-11971
CWE-ID:
CWE-350 - Reliance on Reverse DNS Resolution for a Security-Critical Action
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to Apache Camel JMX is vulnerable to DNS rebinding attack. A remote attacker can send specially crafted data to the application and perform spoofing attack.
Install update from vendor's website.
Vulnerable software versionsJazz for Service Management: 1.1.3 - 1.1.3.24
CPE2.3- cpe:2.3:a:ibm_corporation:jazz_for_service_management:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:jazz_for_service_management:1.1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:jazz_for_service_management:1.1.3.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7237567
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Deserialization of untrusted data
EUVDB-ID: #VU83534
Risk: Medium
CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-41678
CWE-ID:
CWE-502 - Deserialization of Untrusted Data
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data in Jolokia. A remote user can pass specially crafted data to the application and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsJazz for Service Management: 1.1.3 - 1.1.3.24
CPE2.3- cpe:2.3:a:ibm_corporation:jazz_for_service_management:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:jazz_for_service_management:1.1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:jazz_for_service_management:1.1.3.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7237567
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Resource exhaustion
EUVDB-ID: #VU19300
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2019-0222
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an error when processing corrupt MQTT frames. A remote attacker can consume all memory resources on the system and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsJazz for Service Management: 1.1.3 - 1.1.3.24
CPE2.3- cpe:2.3:a:ibm_corporation:jazz_for_service_management:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:jazz_for_service_management:1.1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:jazz_for_service_management:1.1.3.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7237567
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Resource exhaustion
EUVDB-ID: #VU73244
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-26464
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (i.e., deeply nested) hashmap or hashtable (depending on which logging component is in use) to be processed can exhaust the available memory in the virtual machine and achieve denial of service when the object is deserialized.
MitigationInstall update from vendor's website.
Vulnerable software versionsJazz for Service Management: 1.1.3 - 1.1.3.24
CPE2.3- cpe:2.3:a:ibm_corporation:jazz_for_service_management:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:jazz_for_service_management:1.1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:jazz_for_service_management:1.1.3.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7237567
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Deserialization of Untrusted Data
EUVDB-ID: #VU59692
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-23302
CWE-ID:
CWE-502 - Deserialization of Untrusted Data
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data in JMSSink. A remote attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests and execute arbitrary code on the target system.
Note, a non-default configuration with support for JMSSink is required to exploit this vulnerability.
Install update from vendor's website.
Vulnerable software versionsJazz for Service Management: 1.1.3 - 1.1.3.24
CPE2.3- cpe:2.3:a:ibm_corporation:jazz_for_service_management:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:jazz_for_service_management:1.1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:jazz_for_service_management:1.1.3.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7237567
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) XML External Entity injection
EUVDB-ID: #VU61721
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-33813
CWE-ID:
CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied XML input within the SAXBuilder. A remote attacker can pass a specially crafted XML code to the affected application and view contents of arbitrary files on the system or initiate requests to external systems.
Successful exploitation of the vulnerability may allow an attacker to view contents of arbitrary file on the server or perform network scanning of internal and external infrastructure.
MitigationInstall update from vendor's website.
Vulnerable software versionsJazz for Service Management: 1.1.3 - 1.1.3.24
CPE2.3- cpe:2.3:a:ibm_corporation:jazz_for_service_management:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:jazz_for_service_management:1.1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:jazz_for_service_management:1.1.3.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7237567
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
