SB2022110331 - Multiple vulnerabilities in Red Hat Single Sign-On 7.6 on RHEL 9 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2022110331

SB2022110331 - Multiple vulnerabilities in Red Hat Single Sign-On 7.6 on RHEL 9

Published: November 3, 2022

Security Bulletin ID SB2022110331
Severity
Critical
Patch available
YES
Number of vulnerabilities 7
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Critical 14% Medium 29% Low 57%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 7 secuirty vulnerabilities.


1) Out-of-bounds write (CVE-ID: CVE-2020-36518)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trigger out-of-bounds write and cause a denial of service condition on the target system.


2) Deserialization of Untrusted Data (CVE-ID: CVE-2021-42392)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insecure input validation when processing serialized data within the org.h2.util.JdbcUtils.getConnection method. A remote attacker can pass a JNDI driver name and a URL leading to a LDAP or RMI servers and execute arbitrary code on the system.


3) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2021-43797)

The vulnerability allows a remote attacker to preform HTTP request smuggling attacks.

The vulnerability exists due to improper validation of HTTP requests when processing control chars present at the beginning / end of the header name. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.

Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.


4) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2022-0084)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to notifyReadClosed method from main/java/org/xnio/StreamConnection.java logs data into debug log instead of stderr. As a result, an attacker can trigger the application to log enormous amount of data and consume all available space.


5) Cross-site scripting (CVE-ID: CVE-2022-0225)

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data passed via the group name while creating a new group from the admin console. A remote privileged user can inject and execute arbitrary HTML and JavaScript code in victim's browser.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.


6) Incorrect authorization (CVE-ID: CVE-2022-0866)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect authorization. The vulnerability can lead to possible disclosure of the wrong caller principal that can be returned from EJBComponent#getCallerPrincipal.

7) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-2668)

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to application allows to upload an arbitrary JavaScript for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled. A remote user can upload a potentially dangerous file and perform XSS attacks.


Remediation

Install update from vendor's website.

References