SB2022120403 - Multiple vulnerabilities in IBM Cloud Transformation Advisor
Published: December 4, 2022 Updated: March 25, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 17 secuirty vulnerabilities.
1) Creation of Temporary File With Insecure Permissions (CVE-ID: CVE-2022-24823)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to usage of insecure permissions for temporary files. A local user can view contents of temporary files and gain access to sensitive information.
2) Code Injection (CVE-ID: CVE-2022-42889)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an insecure variable interpolation when processing untrusted input. A remote attacker can send a specially crafted input and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note, the vulnerability was dubbed Text4shell.
3) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2022-34165)
The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.
The vulnerability exists due to improper validation of HTTP requests. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.
Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.
4) Resource exhaustion (CVE-ID: CVE-2022-23772)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources within the Rat.SetString(0 function in math/big. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
5) Integer overflow (CVE-ID: CVE-2022-28327)
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to integer overflow in the Golang's library crypto/elliptic. A remote attacker can send a specially crafted scalar input longer than 32 bytes to cause P256().ScalarMult or P256().ScalarBaseMult to panic and perform a denial of service attack.
6) Incorrect Regular Expression (CVE-ID: CVE-2022-24921)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an error in regexp.Compile in Go. A remote attacker can pass specially crafted input to the application and perform regular expression denial of service (ReDoS) attack.
7) Buffer overflow (CVE-ID: CVE-2022-24675)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists in the Golang's library encoding/pem. A remote attacker can send to victim a large (more than 5 MB) PEM input to cause a stack overflow in Decode and perform a denial of service (DoS) attack.
8) Unchecked Return Value (CVE-ID: CVE-2022-23806)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to unchecked return value within the Curve.IsOnCurve() function in crypto/elliptic. A remote attacker can force the application to incorrectly return true in situations with a big.Int value that is not a valid field element. As a result, an attacker can modify application flow, which can lead to unauthorized data modification or denial of service.
9) Incorrect authorization (CVE-ID: CVE-2022-23773)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists within cmd/go, which can misinterpret branch names that falsely appear to be version tags. This can lead to a situation where an attacker can bypass implemented security restrictions and perform restricted actions, e.g. create tags when access was granted to create branches only.
10) Cleartext storage of sensitive information (CVE-ID: CVE-2021-21290)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to insecure usage of temporary files in AbstractDiskHttpData method in Netty. The application stores sensitive information in temporary file that has insecure permissions. A local user can view application's temporary file and gain access to potentially sensitive data.11) Open redirect (CVE-ID: CVE-2022-33987)
The vulnerability allows a remote attacker to redirect victims to arbitrary URL.
The vulnerability exists due to requested URLs are not verified and allow open redirection to a local UNIX socket. A remote attacker can create a link that leads to a trusted website, however, when clicked, redirects the victim to arbitrary domain.
Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.
12) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2022-35256)
The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.
The vulnerability exists due to improper validation of HTTP requests. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.
Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.
13) Use of insufficiently random values (CVE-ID: CVE-2022-35255)
The vulnerability allows a remote attacker to decrypt sensitive information.
The vulnerability exists due to usage of weak randomness in WebCrypto keygen within the SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. A remote attacker can decrypt sensitive information.
14) Cross-site scripting (CVE-ID: CVE-2022-36033)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of HTML code within the jsoup cleaner, including javascript: URL expressions when the non-default SafeList.preserveRelativeLinks option is enabled. A remote attacker can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
15) Resource exhaustion (CVE-ID: CVE-2022-42004)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control usage of deeply nested arrays in BeanDeserializer._deserializeFromArray. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
16) Deserialization of Untrusted Data (CVE-ID: CVE-2022-42003)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insecure input validation when processing serialized data when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. A remote attacker can pass specially crafted data to the application and cause a denial of service condition on the target system.
17) Improper input validation (CVE-ID: CVE-2021-2163)
The vulnerability allows a remote non-authenticated attacker to manipulate data.
The vulnerability exists due to improper input validation within the Libraries component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.
Remediation
Install update from vendor's website.
References
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-vulnerable-to-multiple-vulnerabilities-6/"
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-vulnerable-to-multiple-vulnerabilities-6/</a><br>
- https://www.ibm.com/support/pages/node/6831799<br><br></p>