SB2021010506 - Multiple vulnerabilities in IBM Cloud Pak System
Published: January 5, 2021
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 9 secuirty vulnerabilities.
1) Cross-site request forgery (CVE-ID: CVE-2020-4917)
The vulnerability allows a remote attacker to perform cross-site request forgery attacks.
The vulnerability exists due to insufficient validation of the HTTP request origin. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website.
2) Arbitrary file upload (CVE-ID: CVE-2020-4928)
The vulnerability allows a local user to compromise vulnerable system.
The vulnerability exists due to insufficient validation of file during file upload. A local user can upload a malicious file and execute it on the server.
3) Session Fixation (CVE-ID: CVE-2020-4919)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the session invalidation issue. A remote authenticated attacker can impersonate another user on the system.
4) Information disclosure (CVE-ID: CVE-2020-4918)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to an insecure direct object reference in sell service console. A local user can gain unauthorized access to sensitive information on the system.
5) Cross-site scripting (CVE-ID: CVE-2020-4916)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote authenticated attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
6) Information disclosure (CVE-ID: CVE-2020-4913)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A local user can reveal credential information.
7) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-4912)
The vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions. A remote authenticated attacker can capture the user request URL and escalate privileges.
8) Cross-site scripting (CVE-ID: CVE-2020-4910)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote authenticated attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
9) Cross-site scripting (CVE-ID: CVE-2020-4909)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in the Web UI. A remote authenticated attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
Remediation
Install update from vendor's website.