Multiple vulnerabilities in IBM MaaS360 Cloud Extender Agent, Mobile Enterprise Gateway, Configuration Utility, VPN, Certificate and Base Module



Published: 2023-06-07
Risk: High
Patch available: YES
Number of vulnerabilities: 16
CVE-ID: CVE-2023-27533, CVE-2023-0286, CVE-2023-0215, CVE-2022-4304, CVE-2023-27535, CVE-2023-27538, CVE-2023-27534, CVE-2023-27537, CVE-2023-27536, CVE-2022-41881, CVE-2023-0217, CVE-2022-4203, CVE-2023-0401, CVE-2023-0216, CVE-2022-4450, CVE-2022-41915
CWE-ID: CWE-20, CWE-843, CWE-416, CWE-208, CWE-371, CWE-200, CWE-415, CWE-835, CWE-476, CWE-125, CWE-763, CWE-113
Exploitation vector: Network
Public exploit: N/A

Vulnerable software:

IBM MaaS360 Mobile Enterprise Gateway
Server applications / Other server solutions

IBM MaaS360 Cloud Extender Agent
Server applications / Other server solutions

IBM MaaS360 VPN Module
Server applications / Remote access servers, VPN

MaaS360 Configuration Utility
Other software / Other software solutions

MaaS360 PKI Certificate Module
Other software / Other software solutions

IBM MaaS360 Base Module
Other software / Other software solutions

Vendor: IBM Corporation

Security Bulletin

This security bulletin contains information about 16 vulnerabilities.

1) Input validation error

EUVDB-ID: #VU73826

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-27533

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to manipulate requests.

The vulnerability exists due to missing documentation of the TELNET protocol support and the ability to pass on a user name and "telnet options" for the server negotiation. A remote attacker can manipulate the connection by sending unexpected data to the server via the affected client.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM MaaS360 Mobile Enterprise Gateway: before 3.000.100

IBM MaaS360 VPN Module: before 3.000.100

MaaS360 Configuration Utility: before 3.000.100

MaaS360 PKI Certificate Module: before 3.000.100

IBM MaaS360 Base Module: before 3.000.100

IBM MaaS360 Cloud Extender Agent: before 3.000.100.069

External links

http://www.ibm.com/support/pages/node/7001689


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Type Confusion

EUVDB-ID: #VU71992

Risk: High

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0286

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a type confusion error related to X.400 address processing inside an X.509 GeneralName. A remote attacker can pass specially crafted data to the application, trigger a type confusion error and perform a denial of service (DoS) attack or read memory contents.

In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which needs to have a valid signature. If the attacker controls only one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to affect only applications which have implemented their own functionality for retrieving CRLs over a network.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM MaaS360 Mobile Enterprise Gateway: before 3.000.100

IBM MaaS360 VPN Module: before 3.000.100

MaaS360 Configuration Utility: before 3.000.100

MaaS360 PKI Certificate Module: before 3.000.100

IBM MaaS360 Base Module: before 3.000.100

IBM MaaS360 Cloud Extender Agent: before 3.000.100.069

External links

http://www.ibm.com/support/pages/node/7001689


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use-after-free

EUVDB-ID: #VU71995

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0215

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the BIO_new_NDEF function. A remote attacker can trigger a use-after-free error and perform a denial of service (DoS) attack.


Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM MaaS360 Mobile Enterprise Gateway: before 3.000.100

IBM MaaS360 VPN Module: before 3.000.100

MaaS360 Configuration Utility: before 3.000.100

MaaS360 PKI Certificate Module: before 3.000.100

IBM MaaS360 Base Module: before 3.000.100

IBM MaaS360 Cloud Extender Agent: before 3.000.100.069

External links

http://www.ibm.com/support/pages/node/7001689


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Information Exposure Through Timing Discrepancy

EUVDB-ID: #VU71993

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-4304

CWE-ID: CWE-208 - Information Exposure Through Timing Discrepancy

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain sensitive information.

The vulnerability exists due to a timing-based side channel in the OpenSSL RSA decryption implementation. A remote attacker can perform a Bleichenbacher-style attack and decrypt data sent over the network.

To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OAEP and RSASVE.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM MaaS360 Mobile Enterprise Gateway: before 3.000.100

IBM MaaS360 VPN Module: before 3.000.100

MaaS360 Configuration Utility: before 3.000.100

MaaS360 PKI Certificate Module: before 3.000.100

IBM MaaS360 Base Module: before 3.000.100

IBM MaaS360 Cloud Extender Agent: before 3.000.100.069

External links

http://www.ibm.com/support/pages/node/7001689


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) State Issues

EUVDB-ID: #VU73828

Risk: Low

CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-27535

CWE-ID: CWE-371 - State Issues

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to an FTP server.

The vulnerability exists because cURL reuses a previously created FTP connection even when one or more options have been changed that could have made the effective user a very different one. A remote attacker can connect to the FTP server using credentials supplied by another user and gain access to otherwise restricted functionality.

The settings in question are CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC and the CURLOPT_USE_SSL level.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM MaaS360 Mobile Enterprise Gateway: before 3.000.100

IBM MaaS360 VPN Module: before 3.000.100

MaaS360 Configuration Utility: before 3.000.100

MaaS360 PKI Certificate Module: before 3.000.100

IBM MaaS360 Base Module: before 3.000.100

IBM MaaS360 Cloud Extender Agent: before 3.000.100.069

External links

http://www.ibm.com/support/pages/node/7001689


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Information disclosure

EUVDB-ID: #VU73831

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-27538

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the way libcurl handles previously used connections in a connection pool for subsequent transfers. Several SSH settings were left out of the configuration match checks, resulting in erroneous matches for different resources. As a result, libcurl can send an authentication string from one resource to another, exposing credentials to a third party.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM MaaS360 Mobile Enterprise Gateway: before 3.000.100

IBM MaaS360 VPN Module: before 3.000.100

MaaS360 Configuration Utility: before 3.000.100

MaaS360 PKI Certificate Module: before 3.000.100

IBM MaaS360 Base Module: before 3.000.100

IBM MaaS360 Cloud Extender Agent: before 3.000.100.069

External links

http://www.ibm.com/support/pages/node/7001689


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Input validation error

EUVDB-ID: #VU73827

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-27534

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in the SFTP support when handling the tilde "~" character in the file path. cURL will replace the tilde character with the current user's home directory and can reveal otherwise restricted files.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM MaaS360 Mobile Enterprise Gateway: before 3.000.100

IBM MaaS360 VPN Module: before 3.000.100

MaaS360 Configuration Utility: before 3.000.100

MaaS360 PKI Certificate Module: before 3.000.100

IBM MaaS360 Base Module: before 3.000.100

IBM MaaS360 Cloud Extender Agent: before 3.000.100.069

External links

http://www.ibm.com/support/pages/node/7001689


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Double Free

EUVDB-ID: #VU73830

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-27537

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when sharing HSTS data between connections. A remote attacker can initiate an HSTS connection, trigger a double free error and execute arbitrary code on the target system.


Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM MaaS360 Mobile Enterprise Gateway: before 3.000.100

IBM MaaS360 VPN Module: before 3.000.100

MaaS360 Configuration Utility: before 3.000.100

MaaS360 PKI Certificate Module: before 3.000.100

IBM MaaS360 Base Module: before 3.000.100

IBM MaaS360 Cloud Extender Agent: before 3.000.100.069

External links

http://www.ibm.com/support/pages/node/7001689


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) State Issues

EUVDB-ID: #VU73829

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-27536

CWE-ID: CWE-371 - State Issues

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists because cURL reuses a previously created connection even when the GSS delegation (CURLOPT_GSSAPI_DELEGATION) option has been changed in a way that could have changed the user's permissions in a second transfer. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, this GSS delegation setting was left out of the configuration match checks, making them match too easily, affecting krb5/kerberos/negotiate/GSSAPI transfers.
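The connection-reuse flaw described here, and the FTP variant in vulnerability 5, can be modelled as a pool whose match check compares too few fields. This is an added illustration in Python, not libcurl's code: the class names, option values and hosts are constructed, and only the option names mirror the CURLOPT settings the bulletin lists.

```python
from dataclasses import dataclass, fields


@dataclass(frozen=True)
class TransferConfig:
    scheme: str
    host: str
    port: int
    user: str
    # Settings the bulletin names as missing from the match check
    # (values below are constructed for the example).
    ftp_account: str = ""
    ftp_alternative_to_user: str = ""
    ftp_ssl_ccc: str = "none"
    use_ssl: str = "none"
    gssapi_delegation: str = "none"


BASIC_FIELDS = ("scheme", "host", "port", "user")            # match check that is too loose
ALL_FIELDS = tuple(f.name for f in fields(TransferConfig))   # match check covering every setting


class ConnectionPool:
    """Toy pool: reuse a connection when the chosen fields are equal."""

    def __init__(self, match_fields):
        self.match_fields = match_fields
        self._conns = []  # configs the pooled connections were negotiated with

    @property
    def size(self):
        return len(self._conns)

    def acquire(self, cfg):
        """Return the config the handed-out connection was negotiated with."""
        for existing in self._conns:
            if all(getattr(existing, f) == getattr(cfg, f) for f in self.match_fields):
                return existing
        self._conns.append(cfg)
        return cfg


def reuse_mismatches(pool, transfers):
    """List (transfer index, setting, requested, in effect) for every transfer
    that was handed a connection negotiated with different settings."""
    findings = []
    for i, cfg in enumerate(transfers):
        in_effect = pool.acquire(cfg)
        for name in ALL_FIELDS:
            if getattr(in_effect, name) != getattr(cfg, name):
                findings.append((i, name, getattr(cfg, name), getattr(in_effect, name)))
    return findings


# Constructed sample transfers: same host and user, different security settings.
TRANSFERS = [
    TransferConfig("ftp", "files.example.test", 21, "svc", ftp_account="team-a", use_ssl="all"),
    TransferConfig("ftp", "files.example.test", 21, "svc", ftp_account="team-b", use_ssl="all"),
    TransferConfig("ftp", "files.example.test", 21, "svc", ftp_account="team-a", use_ssl="all"),
    TransferConfig("http", "intranet.example.test", 80, "svc", gssapi_delegation="none"),
    TransferConfig("http", "intranet.example.test", 80, "svc", gssapi_delegation="always"),
]

if __name__ == "__main__":
    for label, match in (("loose", BASIC_FIELDS), ("strict", ALL_FIELDS)):
        pool = ConnectionPool(match)
        print(label, reuse_mismatches(pool, TRANSFERS), "connections:", pool.size)
```

With the loose check the second FTP transfer and the second GSSAPI transfer run on connections set up under different settings; with every setting in the match check those transfers open their own connections.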

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM MaaS360 Mobile Enterprise Gateway: before 3.000.100

IBM MaaS360 VPN Module: before 3.000.100

MaaS360 Configuration Utility: before 3.000.100

MaaS360 PKI Certificate Module: before 3.000.100

IBM MaaS360 Base Module: before 3.000.100

IBM MaaS360 Cloud Extender Agent: before 3.000.100.069

External links

http://www.ibm.com/support/pages/node/7001689


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Infinite loop

EUVDB-ID: #VU70118

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-41881

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the HAProxyMessageDecoder when parsing a TLV of type "PP2_TYPE_SSL". A remote attacker can pass a specially crafted message to consume all available system resources and cause denial of service conditions.
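A TLV parser avoids this class of bug when every iteration consumes bytes, lengths are checked against the buffer, and PP2_TYPE_SSL nesting is bounded. The sketch below is an added example in Python, not Netty's decoder: it follows the PROXY protocol v2 TLV layout (1-byte type, 2-byte big-endian length, value), and the `MAX_TLVS` cap and sample bytes are assumptions constructed for illustration.

```python
import struct

PP2_TYPE_ALPN = 0x01
PP2_TYPE_SSL = 0x20
PP2_SUBTYPE_SSL_VERSION = 0x21
SSL_FIXED_LEN = 5   # client (1 byte) + verify (4 bytes) precede the sub-TLVs
MAX_TLVS = 64       # assumed cap on TLVs per level, not taken from the spec


class TLVError(ValueError):
    pass


def parse_tlvs(buf, inside_ssl=False):
    """Parse a run of TLVs; terminates because pos grows by >= 3 each pass."""
    out, pos = [], 0
    while pos < len(buf):
        if len(out) >= MAX_TLVS:
            raise TLVError("too many TLVs")
        if len(buf) - pos < 3:
            raise TLVError("truncated TLV header")
        tlv_type, length = struct.unpack_from("!BH", buf, pos)
        start, end = pos + 3, pos + 3 + length
        if end > len(buf):
            raise TLVError("TLV length exceeds buffer")
        value = bytes(buf[start:end])
        if tlv_type == PP2_TYPE_SSL:
            if inside_ssl:
                raise TLVError("nested PP2_TYPE_SSL")  # bounds recursion depth to 1
            if length < SSL_FIXED_LEN:
                raise TLVError("PP2_TYPE_SSL shorter than its fixed fields")
            client, verify = struct.unpack_from("!BI", value, 0)
            subs = parse_tlvs(value[SSL_FIXED_LEN:], inside_ssl=True)
            out.append({"type": tlv_type, "client": client, "verify": verify, "sub": subs})
        else:
            out.append({"type": tlv_type, "value": value})
        pos = end
    return out


def rejects(buf):
    """True when the parser refuses the input instead of looping or recursing."""
    try:
        parse_tlvs(buf)
    except TLVError:
        return True
    return False


def tlv(tlv_type, value):
    return struct.pack("!BH", tlv_type, len(value)) + value


# Constructed sample: an ALPN TLV followed by an SSL TLV with one sub-TLV.
SSL_HEADER = struct.pack("!BI", 0x01, 0)
SAMPLE = tlv(PP2_TYPE_ALPN, b"h2") + tlv(
    PP2_TYPE_SSL, SSL_HEADER + tlv(PP2_SUBTYPE_SSL_VERSION, b"TLSv1.3"))
# Constructed malformed inputs: cut short, SSL inside SSL, SSL value too short.
MALFORMED = [SAMPLE[:-1], tlv(PP2_TYPE_SSL, SSL_HEADER + tlv(PP2_TYPE_SSL, SSL_HEADER)),
             tlv(PP2_TYPE_SSL, b"\x01")]

if __name__ == "__main__":
    print(parse_tlvs(SAMPLE))
    print([rejects(m) for m in MALFORMED])
```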

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM MaaS360 Mobile Enterprise Gateway: before 3.000.100

IBM MaaS360 VPN Module: before 3.000.100

MaaS360 Configuration Utility: before 3.000.100

MaaS360 PKI Certificate Module: before 3.000.100

IBM MaaS360 Base Module: before 3.000.100

IBM MaaS360 Cloud Extender Agent: before 3.000.100.069

External links

http://www.ibm.com/support/pages/node/7001689


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) NULL pointer dereference

EUVDB-ID: #VU71998

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0217

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error when validating the DSA public key. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM MaaS360 Mobile Enterprise Gateway: before 3.000.100

IBM MaaS360 VPN Module: before 3.000.100

MaaS360 Configuration Utility: before 3.000.100

MaaS360 PKI Certificate Module: before 3.000.100

IBM MaaS360 Base Module: before 3.000.100

IBM MaaS360 Cloud Extender Agent: before 3.000.100.069

External links

http://www.ibm.com/support/pages/node/7001689


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Out-of-bounds read

EUVDB-ID: #VU71994

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-4203

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when performing name constraint checking of the X.509 certificates. A remote attacker can pass a specially crafted X.509 certificate to the affected server, trigger an out-of-bounds read error and read contents of memory on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM MaaS360 Mobile Enterprise Gateway: before 3.000.100

IBM MaaS360 VPN Module: before 3.000.100

MaaS360 Configuration Utility: before 3.000.100

MaaS360 PKI Certificate Module: before 3.000.100

IBM MaaS360 Base Module: before 3.000.100

IBM MaaS360 Cloud Extender Agent: before 3.000.100.069

External links

http://www.ibm.com/support/pages/node/7001689


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) NULL pointer dereference

EUVDB-ID: #VU71999

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0401

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error during PKCS7 data verification. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM MaaS360 Mobile Enterprise Gateway: before 3.000.100

IBM MaaS360 VPN Module: before 3.000.100

MaaS360 Configuration Utility: before 3.000.100

MaaS360 PKI Certificate Module: before 3.000.100

IBM MaaS360 Base Module: before 3.000.100

IBM MaaS360 Cloud Extender Agent: before 3.000.100.069

External links

http://www.ibm.com/support/pages/node/7001689


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Release of invalid pointer or reference

EUVDB-ID: #VU71997

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0216

CWE-ID: CWE-763 - Release of invalid pointer or reference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an invalid pointer dereference in the d2i_PKCS7 functions. A remote attacker can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM MaaS360 Mobile Enterprise Gateway: before 3.000.100

IBM MaaS360 VPN Module: before 3.000.100

MaaS360 Configuration Utility: before 3.000.100

MaaS360 PKI Certificate Module: before 3.000.100

IBM MaaS360 Base Module: before 3.000.100

IBM MaaS360 Cloud Extender Agent: before 3.000.100.069

External links

http://www.ibm.com/support/pages/node/7001689


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Double Free

EUVDB-ID: #VU71996

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-4450

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the PEM_read_bio_ex() function. A remote attacker can pass a specially crafted PEM file to the application, trigger a double free error and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM MaaS360 Mobile Enterprise Gateway: before 3.000.100

IBM MaaS360 VPN Module: before 3.000.100

MaaS360 Configuration Utility: before 3.000.100

MaaS360 PKI Certificate Module: before 3.000.100

IBM MaaS360 Base Module: before 3.000.100

IBM MaaS360 Cloud Extender Agent: before 3.000.100.069

External links

http://www.ibm.com/support/pages/node/7001689


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) HTTP response splitting

EUVDB-ID: #VU70119

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-41915

CWE-ID: CWE-113 - Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform HTTP splitting attacks.

The vulnerability exists because the software does not validate header values when DefaultHttpHeaders.set is called with an iterator of values. A remote attacker can inject arbitrary header values and perform HTTP splitting attacks.

Successful exploitation of the vulnerability may allow an attacker to perform a cache poisoning attack.
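The flaw class described above is validation that runs on the single-value path but is skipped when values arrive as an iterator. The model below is an added example in Python, not Netty's code: the `Headers` class, its `set_all` method, the rejected character set and the sample value are assumptions constructed for illustration.

```python
import re

# Assumed rule for this example: CR, LF and NUL may not appear in a header value.
_FORBIDDEN = re.compile(r"[\r\n\x00]")


def validate_header_value(name, value):
    if _FORBIDDEN.search(value):
        raise ValueError(f"illegal control character in value of header {name!r}")
    return value


class Headers:
    """Toy header store with a single-value path and an iterator path."""

    def __init__(self, validate_iterables):
        self._validate_iterables = validate_iterables
        self._items = {}

    def set(self, name, value):
        # The single-value path always validates.
        self._items[name] = [validate_header_value(name, value)]

    def set_all(self, name, values):
        # The iterator path: validated only in the hardened configuration.
        if self._validate_iterables:
            self._items[name] = [validate_header_value(name, v) for v in values]
        else:
            self._items[name] = list(values)

    def serialize(self):
        lines = [f"{n}: {v}" for n, vs in self._items.items() for v in vs]
        return "\r\n".join(lines) + "\r\n\r\n"


def header_lines_on_wire(block):
    """Header lines a downstream parser sees before the blank line."""
    return block.split("\r\n\r\n", 1)[0].split("\r\n")


def accepted(headers, name, values):
    """True when set_all stores the values, False when validation rejects them."""
    try:
        headers.set_all(name, iter(values))
    except ValueError:
        return False
    return True


# Constructed input: one value carrying an embedded CRLF.
CONSTRUCTED_VALUES = ["en\r\nX-Injected: 1"]

if __name__ == "__main__":
    before, after = Headers(validate_iterables=False), Headers(validate_iterables=True)
    print("unvalidated accepted:", accepted(before, "Content-Language", CONSTRUCTED_VALUES))
    print("lines on wire:", header_lines_on_wire(before.serialize()))
    print("validated accepted:", accepted(after, "Content-Language", CONSTRUCTED_VALUES))
```

One header was set, yet the unvalidated path puts two header lines on the wire; checking each element of the iterator with the same validator closes the gap.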

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM MaaS360 Mobile Enterprise Gateway: before 3.000.100

IBM MaaS360 VPN Module: before 3.000.100

MaaS360 Configuration Utility: before 3.000.100

MaaS360 PKI Certificate Module: before 3.000.100

IBM MaaS360 Base Module: before 3.000.100

IBM MaaS360 Cloud Extender Agent: before 3.000.100.069

External links

http://www.ibm.com/support/pages/node/7001689


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


