Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 5 |
CVE-ID | CVE-2021-32803 CVE-2021-32804 CVE-2021-37701 CVE-2021-37712 CVE-2021-37713 |
CWE-ID | CWE-36 CWE-22 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software |
IBM Edge Application Manager Client/Desktop applications / Software for system administration |
Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
EUVDB-ID: #VU58206
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-32803
CWE-ID:
CWE-36 - Absolute Path Traversal
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to overwrite arbitrary files on the system.
The vulnerability exists due to a logic issue when extracting tar files that contained both a directory
and a symlink with the same name as the directory. This order of
operations resulted in the directory being created and added to the node-tar
directory cache. When a directory is present in the directory cache,
subsequent calls to mkdir for that directory are skipped. However, this
is also where node-tar
checks for symlinks occur.
By first creating a directory, and then replacing that directory with a symlink, it was thus possible to bypass node-tar
symlink checks on directories, essentially allowing an untrusted tar
file to symlink into an arbitrary location and subsequently extracting
arbitrary files into that location, thus allowing arbitrary file
creation and overwrite.
Install update from vendor's website.
Vulnerable software versionsIBM Edge Application Manager: 4.3 - 4.4
CPE2.3https://www.ibm.com/support/pages/node/6991615
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU58205
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-32804
CWE-ID:
CWE-36 - Absolute Path Traversal
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to overwrite arbitrary files on the system.
The vulnerability exists due to a logic issue when file paths contained repeated path roots such as ////home/user/.bashrc
. node-tar
would only strip a single path root from such paths. When given an
absolute file path with repeating path roots, the resulting path (e.g. ///home/user/.bashrc
) would still resolve to an absolute path, thus allowing arbitrary file creation and overwrite.
Install update from vendor's website.
Vulnerable software versionsIBM Edge Application Manager: 4.3 - 4.4
CPE2.3https://www.ibm.com/support/pages/node/6991615
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU58202
Risk: Medium
CVSSv4.0: 2.1 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-37701
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to overwrite arbitrary files on the system.
The vulnerability exists due to input validation error when extracting tar files that contained both a directory and a symlink with
the same name as the directory, where the symlink and directory names in
the archive entry used backslashes as a path separator on posix
systems. A remote attacker can create a specially crafted archive and overwrite arbitrary files on the system.
Install update from vendor's website.
Vulnerable software versionsIBM Edge Application Manager: 4.3 - 4.4
CPE2.3https://www.ibm.com/support/pages/node/6991615
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU58203
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-37712
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when extracting tar files that contained two directories and a symlink
with names containing unicode values that normalized to the same value. A remote attacker can create a specially crafted archive that, when extracted, can overwrite arbitrary files on the system.
Install update from vendor's website.
Vulnerable software versionsIBM Edge Application Manager: 4.3 - 4.4
CPE2.3https://www.ibm.com/support/pages/node/6991615
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU58204
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-37713
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to overwrite arbitrary files on the system.
The vulnerability exists due insufficient logic on Windows systems when extracting tar files that contained a path that
was not an absolute path, but specified a drive letter different from
the extraction target, such as C:some\path
. If the drive letter does not match the extraction target, for example D:\extraction\dir
, then the result of path.resolve(extractionDirectory, entryPath)
would resolve against the current working directory on the C:
drive, rather than the extraction target directory.
Install update from vendor's website.
Vulnerable software versionsIBM Edge Application Manager: 4.3 - 4.4
CPE2.3https://www.ibm.com/support/pages/node/6991615
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.