SB2023040510 - Multiple vulnerabilities in IBM QRadar Data Synchronization

Description

This security bulletin contains information about 4 secuirty vulnerabilities.

1) Information disclosure (CVE-ID: CVE-2022-0235)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the application follows the "Location" HTTP header redirect and passes authorization cookie to a third-party resource. A remote attacker can gain access to sensitive information.

2) Incorrect Regular Expression (CVE-ID: CVE-2022-31129)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper validation of user-supplied input when parsing overly long strings. A remote attacker can pass a string that contains more that 10k characters and perform regular expression denial of service (ReDoS) attack.

3) Path traversal (CVE-ID: CVE-2022-24785)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences within the npm version of Moment.js. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.

4) Information disclosure (CVE-ID: CVE-2022-29244)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag (ie. `--workspaces`, `--workspace=`). Anyone who has run `npm pack` or `npm publish` inside a workspace, may be affected and have published files into the npm registry they did not intend to include.

Remediation

Install update from vendor's website.

References

• https://www.ibm.com/support/pages/node/6980799