SB2022100554 - Multiple vulnerabilities in Red Hat Process Automation Manager
Published: October 5, 2022
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 19 secuirty vulnerabilities.
1) Improper initialization (CVE-ID: CVE-2022-21724)
The vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to improper initialization in pgjdbc driver when handling attacker-controlled URL in connection properties as the driver does not verify if the class implements the expected interface before instantiating the class. A remote attacker can pass specially crafted URL to the affected application and execute arbitrary code in the system.
2) Prototype pollution (CVE-ID: CVE-2020-28477)
The vulnerability allows a remote attacker to execute arbitrary JavaScript code.
The vulnerability exists due to improper input validation. A remote attacker can send a specially crafted request to the application and perform prototype pollution.
3) Incorrect Regular Expression (CVE-ID: CVE-2022-31129)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper validation of user-supplied input when parsing overly long strings. A remote attacker can pass a string that contains more that 10k characters and perform regular expression denial of service (ReDoS) attack.
4) Input validation error (CVE-ID: CVE-2022-26520)
The vulnerability allows a remote attacker to create arbitrary files on the system.
The vulnerability exists due to insufficient validation of user-supplied input when handling jdbc URL or its properties. A remote attacker can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties.
Successful exploitation of the vulnerability may allow an attacker to create and executable arbitraru JSP file under a Tomcat web root.
5) Path traversal (CVE-ID: CVE-2022-24785)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences within the npm version of Moment.js. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.
6) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2022-24772)
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to incorrect RSA PKCS#1 v1.5 signature verification caused by a missing check or tailing garbage bytes after decoding a `DigestInfo` ASN.1 structure. A remote attacker can forge a signature and perform a man-in-the-middle (MitM) attack.
7) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2022-24771)
The vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to a improper signature verification when checking the digestAlgorithm structure. A remote unauthenticated attacker can use a specially-crafted structure to steal padding bytes and use unchecked portion of the PKCS#1 encoded message to exploit this vulnerability and forge a signature when a low public exponent is being used.
8) Resource exhaustion (CVE-ID: CVE-2022-23913)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
9) Infinite loop (CVE-ID: CVE-2022-23437)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop when parsing XML documents. A remote attacker can supply a specially crafted XML document, consume all available system resources and cause denial of service conditions.
10) Improper input validation (CVE-ID: CVE-2022-21363)
The vulnerability allows a remote privileged user to execute arbitrary code.
The vulnerability exists due to improper input validation within the Connector/J component in MySQL Connectors. A remote privileged user can exploit this vulnerability to execute arbitrary code.
11) Input validation error (CVE-ID: CVE-2020-7746)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to Prototype Pollution in the "options" parameter. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
12) Information disclosure (CVE-ID: CVE-2022-1650)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote attacker can gain unauthorized access to sensitive information on the system.
13) Incorrect authorization (CVE-ID: CVE-2022-1365)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to exposure of sensitive information due to insecure following of redirects. A remote attacker can force the application to redirect to a malicious website and gain access to authorization cookie.
14) Information disclosure (CVE-ID: CVE-2022-0722)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote attacker can gain unauthorized access to cookies from another domain.
15) Information disclosure (CVE-ID: CVE-2022-0235)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the application follows the "Location" HTTP header redirect and passes authorization cookie to a third-party resource. A remote attacker can gain access to sensitive information.
16) Resource exhaustion (CVE-ID: CVE-2021-44906)
The vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.
17) Prototype pollution (CVE-ID: CVE-2021-23436)
The vulnerability allows a remote attacker to execute arbitrary JavaScript code.
The vulnerability exists due to improper input validation. A remote attacker can send a specially crafted request to the application and perform prototype pollution.
Note, the vulnerability exists due to incomplete fix for #VU57215.
18) Out-of-bounds write (CVE-ID: CVE-2020-36518)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trigger out-of-bounds write and cause a denial of service condition on the target system.
19) XML External Entity injection (CVE-ID: CVE-2022-2458)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied XML input within Business Central and Kie-Server APIs. A remote attacker can pass a specially crafted XML code to the affected application and view contents of arbitrary files on the system or initiate requests to external systems.
Successful exploitation of the vulnerability may allow an attacker to view contents of arbitrary file on the server or perform network scanning of internal and external infrastructure.
Remediation
Install update from vendor's website.