SB20250716102 - Multiple vulnerabilities in IBM Netezza Analytics - NPS

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB20250716102

SB20250716102 - Multiple vulnerabilities in IBM Netezza Analytics - NPS

Published: July 16, 2025

Security Bulletin ID SB20250716102
CSH Severity
High
Patch available
YES
Number of vulnerabilities 11
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 27% Medium 36% Low 36%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 11 vulnerabilities.


1) Code Injection (CVE-ID: CVE-2024-6345)

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation when processing URL in the package_index module of pypa/setuptools. A remote attacker can send a specially crafted request and execute arbitrary code on the target system via download functions.


2) Incorrect Regular Expression (CVE-ID: CVE-2022-40897)

CWE-ID: CWE-185 - Incorrect Regular Expression

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation when processing HTML content. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.


3) Buffer overflow (CVE-ID: CVE-2013-7459)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py.


4) Information disclosure (CVE-ID: CVE-2018-6594)

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear


The vulnerability allows a remote unauthenticated attacker to obtain potentially sensitive information on the target system.

The weakness exists in the ElGamal implementation in PyCrypto due to generation of weak ElGamal key parameters by the source code in the lib/Crypto/PublicKey/ElGamal.py file. A remote attacker can gain access to potentially sensitive information.

5) Data Handling (CVE-ID: CVE-2018-20225)

CWE-ID: CWE-19 - Data Handling

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to compromise the affected system.

The issue exists due to the way pip handles software versioning during installation with --extra-index-url option enabled, which results in the version with the highest version number to be installed, even if the user had intended to obtain a private package from a private index. A remote attacker compromise the repository and force installation of a malicious package.


6) Path traversal (CVE-ID: CVE-2019-20916)

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences passed via URL to the install command within the _download_http_url() function in _internal/download.py. A remote attacker can send a specially crafted HTTP request with the Content-Disposition header that contains directory traversal characters in the filename and overwrite the /root/.ssh/authorized_keys file.


7) Command Injection (CVE-ID: CVE-2023-5752)

CWE-ID: CWE-77 - Command injection

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper input validation when installing a package from a Mercurial VCS URL (ie "pip install hg+...") with pip. A remote attacker who controls the repository can use the specified Mercurial revision to inject arbitrary configuration options to the "hg clone" call (ie "--config").


8) Improper access control (CVE-ID: CVE-2018-1000805)

CWE-ID: CWE-284 - Improper Access Control

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper access control in SSH server. A remote unauthenticated attacker can bypass access controls via unspecified vectors and execute arbitrary code.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


9) Authentication bypass (CVE-ID: CVE-2018-7750)

CWE-ID: CWE-592 - Authentication Bypass Issues

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear


The vulnerability allows a remote unauthenticated attacker to bypass authentication.

The weakness exists is due to improper security restrictions. A remote attacker can use a customized SSH client, bypass authentication and gain unauthorized access to resources on the target systemю

10) Race condition (CVE-ID: CVE-2022-24302)

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a race condition in the write_private_key_file() function between creation and chmod operations. A local user can exploit the race and gain unauthorized access to sensitive information.


11) Inadequate encryption strength (CVE-ID: CVE-2023-48795)

CWE-ID: CWE-326 - Inadequate Encryption Strength

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear


The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to incorrect implementation of the SSH Binary Packet Protocol (BPP), which mishandles the handshake phase and the use of sequence numbers. A remote attacker can perform MitM attack and delete the SSH2_MSG_EXT_INFO message sent before authentication starts, allowing the attacker to disable a subset of the keystroke timing obfuscation features introduced in OpenSSH 9.5.

The vulnerability was dubbed "Terrapin attack" and it affects both client and server implementations.


Remediation

Install update from vendor's website.

References