Multiple vulnerabilities in IBM App Connect for Healthcare
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 10 |
| CVE-ID | CVE-2014-0107 CVE-2022-34169 CVE-2013-0248 CVE-2016-3092 CVE-2016-1000031 CVE-2014-0050 CVE-2013-2186 CVE-2012-5783 CVE-2021-29425 CVE-2023-24998 |
| CWE-ID | CWE-284 CWE-20 CWE-61 CWE-400 CWE-502 CWE-295 CWE-22 CWE-770 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #2 is available. Vulnerability #6 is being exploited in the wild. Public exploit code for vulnerability #10 is available. |
| Vulnerable software |
IBM App Connect for Healthcare Client/Desktop applications / Other client software |
| Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 10 vulnerabilities.
1) Improper access control
EUVDB-ID: #VU77073
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2014-0107
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to TransformerFactory in Apache Xalan-Java does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled. A remote attacker can bypass implemented security restrictions and load arbitrary classes or access external resources via a crafted (1) xalan:content-header, (2) xalan:entities, (3) xslt:content-header, or (4) xslt:entities property, or a Java property that is bound to the XSLT 1.0 system-property function.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM App Connect for Healthcare: 5.0.0.1 - 6.0.1.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_app_connect_for_healthcare:5.0.0.1:*:*:*:*:*:*:
- cpe:2.3:a:ibm_corporation:ibm_app_connect_for_healthcare:6.0.1.0:*:*:*:*:*:*:
http://www.ibm.com/support/pages/node/6999671
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper input validation
EUVDB-ID: #VU65495
Risk: High
CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2022-34169
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
DescriptionThe vulnerability allows a remote non-authenticated attacker to compromise the affected system.
The vulnerability exists due to an integer truncation issue when processing malicious XSLT stylesheets. A remote non-authenticated attacker can pass specially crafted data to the application to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode.
Install update from vendor's website.
Vulnerable software versionsIBM App Connect for Healthcare: 5.0.0.1 - 6.0.1.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_app_connect_for_healthcare:5.0.0.1:*:*:*:*:*:*:
- cpe:2.3:a:ibm_corporation:ibm_app_connect_for_healthcare:6.0.1.0:*:*:*:*:*:*:
http://www.ibm.com/support/pages/node/6999671
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
3) UNIX symbolic link following
EUVDB-ID: #VU54943
Risk: Low
CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2013-0248
CWE-ID:
CWE-61 - UNIX Symbolic Link (Symlink) Following
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a symlink following issue. The application uses the /tmp directory for uploaded files. A local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application.
Successful exploitation of this vulnerability may result in privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM App Connect for Healthcare: 5.0.0.1 - 6.0.1.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_app_connect_for_healthcare:5.0.0.1:*:*:*:*:*:*:
- cpe:2.3:a:ibm_corporation:ibm_app_connect_for_healthcare:6.0.1.0:*:*:*:*:*:*:
http://www.ibm.com/support/pages/node/6999671
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Resource exhaustion
EUVDB-ID: #VU197
Risk: Medium
CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-3092
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause denial of service conditions on the target system.
The vulnerability exists due to input validation error when processing very long boundary strings within the MultipartStream class in Apache Commons Fileupload. A remote user can cause denial of service conditions by sending specially crafted boundary string and consume excessive CPU resources.
Successful exploitation of this vulnerability may result in denial of service attack.
Install update from vendor's website.
Vulnerable software versionsIBM App Connect for Healthcare: 5.0.0.1 - 6.0.1.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_app_connect_for_healthcare:5.0.0.1:*:*:*:*:*:*:
- cpe:2.3:a:ibm_corporation:ibm_app_connect_for_healthcare:6.0.1.0:*:*:*:*:*:*:
http://www.ibm.com/support/pages/node/6999671
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Desereliazation of untrusted data
EUVDB-ID: #VU12312
Risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-1000031
CWE-ID:
CWE-502 - Deserialization of Untrusted Data
Exploit availability: No
DescriptionThe vulnerability allows a remote unauthenticated attacker to execute arbitrary code on the target system.
The weakness exists in DiskFileItem class of the FileUpload library due to deserialization of untrusted data. A remote attacker can execute arbitrary code under the context of the current process.
Successful exploitation of the vulnerability may result in system compromise.
Install update from vendor's website.
Vulnerable software versionsIBM App Connect for Healthcare: 5.0.0.1 - 6.0.1.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_app_connect_for_healthcare:5.0.0.1:*:*:*:*:*:*:
- cpe:2.3:a:ibm_corporation:ibm_app_connect_for_healthcare:6.0.1.0:*:*:*:*:*:*:
http://www.ibm.com/support/pages/node/6999671
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Infinite loop
EUVDB-ID: #VU5233
Risk: Medium
CVSSv3.1: 8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:F/RL:O/RC:C]
CVE-ID: CVE-2014-0050
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to cause DoS conditions on the target system.
The weakness exists due to boundary error when handling Content-Type HTTP header for multipart requests. By sending a specially crafted Content-Type header, containing 4092 characters in "boundary" field, a remote attacker can cause the application to enter into an infinite loop.
Successful exploitation of the vulnerability results in denial of service on the vulnerable system.
Note: the vulnerability was being actively exploited.
Install update from vendor's website.
Vulnerable software versionsIBM App Connect for Healthcare: 5.0.0.1 - 6.0.1.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_app_connect_for_healthcare:5.0.0.1:*:*:*:*:*:*:
- cpe:2.3:a:ibm_corporation:ibm_app_connect_for_healthcare:6.0.1.0:*:*:*:*:*:*:
http://www.ibm.com/support/pages/node/6999671
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
7) Input validation error
EUVDB-ID: #VU81098
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2013-2186
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to overwrite arbitrary files on the system.
The vulnerability exists due to insufficient validation of user-supplied input when processing file names with a NULL byte within the DiskFileItem class. A remote attacker can upload a specially crafted file with a NULL byte in its name and overwrite arbitrary files on the system.
Install update from vendor's website.
Vulnerable software versionsIBM App Connect for Healthcare: 5.0.0.1 - 6.0.1.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_app_connect_for_healthcare:5.0.0.1:*:*:*:*:*:*:
- cpe:2.3:a:ibm_corporation:ibm_app_connect_for_healthcare:6.0.1.0:*:*:*:*:*:*:
http://www.ibm.com/support/pages/node/6999671
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Improper Certificate Validation
EUVDB-ID: #VU80741
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2012-5783
CWE-ID:
CWE-295 - Improper Certificate Validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a man-in-the-middle attack to spoof SSL servers via an arbitrary valid certificate.
The vulnerability exists due to Apache Commons HttpClient does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate. A remote attacker can perform a man-in-the-middle attack to spoof SSL servers via an arbitrary valid certificate.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM App Connect for Healthcare: 5.0.0.1 - 6.0.1.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_app_connect_for_healthcare:5.0.0.1:*:*:*:*:*:*:
- cpe:2.3:a:ibm_corporation:ibm_app_connect_for_healthcare:6.0.1.0:*:*:*:*:*:*:
http://www.ibm.com/support/pages/node/6999671
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Path traversal
EUVDB-ID: #VU52252
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-29425
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error within the FileNameUtils.normalize method when processing directory traversal sequences, such as "//../foo", or "\..foo". A remote attacker can send a specially crafted request and verify files availability in the parent folder.
Install update from vendor's website.
Vulnerable software versionsIBM App Connect for Healthcare: 5.0.0.1 - 6.0.1.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_app_connect_for_healthcare:5.0.0.1:*:*:*:*:*:*:
- cpe:2.3:a:ibm_corporation:ibm_app_connect_for_healthcare:6.0.1.0:*:*:*:*:*:*:
http://www.ibm.com/support/pages/node/6999671
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Allocation of Resources Without Limits or Throttling
EUVDB-ID: #VU72427
Risk: Medium
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2023-24998
CWE-ID:
CWE-770 - Allocation of Resources Without Limits or Throttling
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to Apache Commons FileUpload does not limit the number of request parts. A remote attacker can initiate a series of uploads and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsIBM App Connect for Healthcare: 5.0.0.1 - 6.0.1.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_app_connect_for_healthcare:5.0.0.1:*:*:*:*:*:*:
- cpe:2.3:a:ibm_corporation:ibm_app_connect_for_healthcare:6.0.1.0:*:*:*:*:*:*:
http://www.ibm.com/support/pages/node/6999671
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
