SB2022112521 - Multiple vulnerabilities in IBM Cloud Pak for Watson AIOps
Published: November 25, 2022
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 13 secuirty vulnerabilities.
1) Resource exhaustion (CVE-ID: CVE-2022-36083)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to the way application handles untrusted JWE tokens A remote attacker can trigger pass the PBKDF2-based JWE key with an extremely high PBES2 Count value and consume significant amount of CPU time, resulting in a denial of service conditions.
2) Information disclosure (CVE-ID: CVE-2022-21123)
The vulnerability allows an attacker to gain access to potentially sensitive information.
The vulnerability exists in Intel processors due to excessive data output when DirectPath I/O (PCI-Passthrough) is utilized. An attacker (both local and remote) with administrative access to a virtual machine that has an attached DirectPath I/O (PCI-Passthrough) device can obtain information stored in physical memory about the hypervisor or other virtual machines that reside on the same host.
3) Information disclosure (CVE-ID: CVE-2022-21125)
The vulnerability allows an attacker to gain access to potentially sensitive information.
The vulnerability exists in Intel processors due to excessive data output when DirectPath I/O (PCI-Passthrough) is utilized. An attacker (both local and remote) with administrative access to a virtual machine that has an attached DirectPath I/O (PCI-Passthrough) device can obtain information stored in physical memory about the hypervisor or other virtual machines that reside on the same host.
4) Information disclosure (CVE-ID: CVE-2022-21166)
The vulnerability allows an attacker to gain access to potentially sensitive information.
The vulnerability exists in Intel processors due to excessive data output when DirectPath I/O (PCI-Passthrough) is utilized. An attacker (both local and remote) with administrative access to a virtual machine that has an attached DirectPath I/O (PCI-Passthrough) device can obtain information stored in physical memory about the hypervisor or other virtual machines that reside on the same host.
5) Double Free (CVE-ID: CVE-2021-21797)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the JavaScript implementation. A remote attacker can trick a victim to open a specially crafted document, trigger double free error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
6) Reachable Assertion (CVE-ID: CVE-2022-35941)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion within the AvgPoolOp function. A remote attacker can pass a negative value for the ksize argument to the affected function and crash the application.
7) Incorrect Regular Expression (CVE-ID: CVE-2021-42248)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation when processing regular expressions. A remote attacker can pass specially crafted JSON input to the application and perform regular expression denial of service (ReDos) attack.
8) Incorrect Regular Expression (CVE-ID: CVE-2021-42836)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation when processing regular expressions. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.
9) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-40186)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to the application permits usage of entity aliases mapped to a single entity share with the same alias name. A local user can create a share with the same alias name as used by another user and wait for the other user to login. After the victim logs in, the attacker will be able to gain access to files metadata in the victim's share.
Successful exploitation of the vulnerability requires that templated ACL policy is enabled and that the policy uses alias.Name, which is derived from the alias name.
10) Improper Authentication (CVE-ID: CVE-2022-41316)
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error in the Certificate Revocation Lists (CRLs) implementation, which prevented Vault from denying access to users with revoked certificates without application reboot. As a result, when using TLS certificate authentication, Vault did not
correctly perform CRL revocation checks if login occurred between Vault
startup (or invalidation) and a manual retrieval of the CRL, allowing users to continue using the application with revoked certificates.
11) Resource exhaustion (CVE-ID: CVE-2021-36090)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when processing ZIP archives. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
12) Path traversal (CVE-ID: CVE-2020-29529)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when handling files and symlinks in Unpack function. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.
13) Resource exhaustion (CVE-ID: CVE-2020-7219)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to the HTTP/RPC services allowed unbounded resource usage. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.