Multiple vulnerabilities in IBM Cloud Pak for Network Automation
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 18 |
| CVE-ID | CVE-2022-35255 CVE-2023-25000 CVE-2023-0620 CVE-2023-0665 CVE-2023-24999 CVE-2022-32149 CVE-2023-2251 CVE-2023-1436 CVE-2023-28842 CVE-2022-41716 CVE-2022-41717 CVE-2023-32309 CVE-2023-28840 CVE-2023-24537 CVE-2023-28841 CVE-2023-28858 CVE-2023-28859 CVE-2023-24538 |
| CWE-ID | CWE-330 CWE-200 CWE-89 CWE-20 CWE-284 CWE-400 CWE-248 CWE-674 CWE-420 CWE-770 CWE-22 CWE-835 CWE-311 CWE-362 CWE-94 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #11 is available. |
| Vulnerable software Subscribe |
Cloud Pak for Network Automation Other software / Other software solutions |
| Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 18 vulnerabilities.
1) Use of insufficiently random values
EUVDB-ID: #VU67849
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-35255
CWE-ID:
CWE-330 - Use of Insufficiently Random Values
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to decrypt sensitive information.
The vulnerability exists due to usage of weak randomness in WebCrypto keygen within the SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. A remote attacker can decrypt sensitive information.
Install update from vendor's website.
Vulnerable software versionsCloud Pak for Network Automation : before 2.4.7
CPE2.3http://www.ibm.com/support/pages/node/7005479
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Information disclosure
EUVDB-ID: #VU74186
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-25000
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the Shamir implementation uses precomputed table lookups. A remote user can perform a cache-timing attack and recover the Shamir shares.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Network Automation : before 2.4.7
CPE2.3http://www.ibm.com/support/pages/node/7005479
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) SQL injection
EUVDB-ID: #VU74183
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-0620
CWE-ID:
CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists due to insufficient sanitization of user-supplied data when using Vault’s community-supported Microsoft SQL (MSSQL) database storage backend. A remote user can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Network Automation : before 2.4.7
CPE2.3http://www.ibm.com/support/pages/node/7005479
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Input validation error
EUVDB-ID: #VU74184
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-0665
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to the PKI mount issuer endpoints do not correctly authorize access to remove an issuer or modify issuer metadata. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Network Automation : before 2.4.7
CPE2.3http://www.ibm.com/support/pages/node/7005479
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper access control
EUVDB-ID: #VU73246
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-24999
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to the way the application handles authentication based on Approle SecretID. A remote user with access to the "/auth/approle/role/:role_name/secret-id-accessor/destroy" endpoint can destroy the secret ID of any other role by providing the secret ID accessor and disable access to Vault for other users. MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Network Automation : before 2.4.7
CPE2.3http://www.ibm.com/support/pages/node/7005479
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Resource exhaustion
EUVDB-ID: #VU68897
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-32149
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to ParseAcceptLanguage does not properly control consumption of internal resources. A remote attacker can send a specially crafted Accept-Language header that will take a significant time to parse and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Network Automation : before 2.4.7
CPE2.3http://www.ibm.com/support/pages/node/7005479
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Uncaught Exception
EUVDB-ID: #VU76605
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-2251
CWE-ID:
CWE-248 - Uncaught Exception
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause a denial of service condition.
The vulnerability exists due uncaught exception in the parseDocument() and parseAllDocuments() functions. A remote unauthenticated attacker can send a specially crafted input and cause a denial of service condition.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Network Automation : before 2.4.7
CPE2.3http://www.ibm.com/support/pages/node/7005479
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Uncontrolled Recursion
EUVDB-ID: #VU75431
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-1436
CWE-ID:
CWE-674 - Uncontrolled Recursion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to uncontrolled recursion when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsCloud Pak for Network Automation : before 2.4.7
CPE2.3http://www.ibm.com/support/pages/node/7005479
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Unprotected Alternate Channel
EUVDB-ID: #VU74469
Risk: Medium
CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-28842
CWE-ID:
CWE-420 - Unprotected Alternate Channel
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to unprotected alternate channel within encrypted overlay networks. A remote attacker can inject arbitrary Ethernet frames into the encrypted overlay network by encapsulating them in VXLAN datagrams.
Install update from vendor's website.
Vulnerable software versionsCloud Pak for Network Automation : before 2.4.7
CPE2.3http://www.ibm.com/support/pages/node/7005479
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Input validation error
EUVDB-ID: #VU69405
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-41716
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary OS commands on the system.
The vulnerability exists due to insecure processing of unsanitized NUL values in syscall.StartProcess and os/exec.Cmd. A local user on the Windows operating system can set a specially crafted environment variable and execute arbitrary OS commands on the system.
Install update from vendor's website.
Vulnerable software versionsCloud Pak for Network Automation : before 2.4.7
CPE2.3http://www.ibm.com/support/pages/node/7005479
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Allocation of Resources Without Limits or Throttling
EUVDB-ID: #VU70334
Risk: Medium
CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]
CVE-ID: CVE-2022-41717
CWE-ID:
CWE-770 - Allocation of Resources Without Limits or Throttling
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to excessive memory growth when handling HTTP/2 server requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Network Automation : before 2.4.7
CPE2.3http://www.ibm.com/support/pages/node/7005479
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
12) Path traversal
EUVDB-ID: #VU77598
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32309
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Network Automation : before 2.4.7
CPE2.3http://www.ibm.com/support/pages/node/7005479
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Unprotected Alternate Channel
EUVDB-ID: #VU74468
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-28840
CWE-ID:
CWE-420 - Unprotected Alternate Channel
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to unprotected alternate channel within encrypted overlay networks. A remote attacker can inject arbitrary Ethernet frames into the encrypted overlay network and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Network Automation : before 2.4.7
CPE2.3http://www.ibm.com/support/pages/node/7005479
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Infinite loop
EUVDB-ID: #VU74573
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-24537
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop when calling any of the Parse functions on Go source code which contains //line directives with very large line numbers. A remote attacker can consume all available system resources and cause denial of service conditions.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Network Automation : before 2.4.7
CPE2.3http://www.ibm.com/support/pages/node/7005479
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Missing Encryption of Sensitive Data
EUVDB-ID: #VU74467
Risk: Medium
CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-28841
CWE-ID:
CWE-311 - Missing Encryption of Sensitive Data
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to missing encryption of sensitive data within the overlay network driver. A remote attacker can gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Network Automation : before 2.4.7
CPE2.3http://www.ibm.com/support/pages/node/7005479
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Race condition
EUVDB-ID: #VU74187
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-28858
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a race condition. A remote attacker can exploit the race and gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Network Automation : before 2.4.7
CPE2.3http://www.ibm.com/support/pages/node/7005479
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Race condition
EUVDB-ID: #VU74188
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-28859
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a race condition. A remote attacker can exploit the race and gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Network Automation : before 2.4.7
CPE2.3http://www.ibm.com/support/pages/node/7005479
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Code Injection
EUVDB-ID: #VU74574
Risk: High
CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-24538
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in html/template when handling JavaScript templates that contain backticks in code. If a template contains a Go template action within a JavaScript template literal, the contents of the action can be used to terminate the literal, injecting arbitrary JavaScript code into the Go template.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Network Automation : before 2.4.7
CPE2.3http://www.ibm.com/support/pages/node/7005479
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
