Multiple vulnerabilities in IBM Cloud Pak for Watson AIOps

1) Cross-site scripting

EUVDB-ID: #VU75790

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-24539

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data when handling angle brackets in CSS context. A remote attacker can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps: before 4.2.0

CPE2.3

• cpe:2.3:a:ibm_corporation:ibm_cloud_pak_for_watson_aiops:*:*:*:*:*:*:*:*

External links

https://www.ibm.com/support/pages/node/7041675

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Code Injection

EUVDB-ID: #VU75791

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-24540

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary JavaScript code.

The vulnerability exists due to improper input validation when processing whitespace characters. A remote attacker can send a specially crafted request and execute arbitrary JavaScript code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps: before 4.2.0

CPE2.3

• cpe:2.3:a:ibm_corporation:ibm_cloud_pak_for_watson_aiops:*:*:*:*:*:*:*:*

External links

https://www.ibm.com/support/pages/node/7041675

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Cross-site scripting

EUVDB-ID: #VU75792

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-29400

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data when processing HTML attributes. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps: before 4.2.0

CPE2.3

• cpe:2.3:a:ibm_corporation:ibm_cloud_pak_for_watson_aiops:*:*:*:*:*:*:*:*

External links

https://www.ibm.com/support/pages/node/7041675

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) OS Command Injection

EUVDB-ID: #VU69808

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-45939

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation when processing name of a source-code file in lib-src/etags.c. A remote attacker can trick the victim to use the "ctags *" command  and execute arbitrary OS commands on the target system in a situation where the current working directory has contents that depend on untrusted input.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps: before 4.2.0

CPE2.3

• cpe:2.3:a:ibm_corporation:ibm_cloud_pak_for_watson_aiops:*:*:*:*:*:*:*:*

External links

https://www.ibm.com/support/pages/node/7041675

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) OS Command Injection

EUVDB-ID: #VU74578

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2023-28617

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation within the org-babel-execute:latex in ob-latex.el when processing file or directory names. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary OS commands on the target system via a file name or directory name that contains shell metacharacters.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps: before 4.2.0

CPE2.3

• cpe:2.3:a:ibm_corporation:ibm_cloud_pak_for_watson_aiops:*:*:*:*:*:*:*:*

External links

https://www.ibm.com/support/pages/node/7041675

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Code Injection

EUVDB-ID: #VU77528

Risk: Medium

CVSSv4.0: 4.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-29402

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation within the cgo go command when building code that contains directories with newline characters in their names. A remote attacker can pass specially crafted input to the cgo command at build time and potentially compromise the system.

Modules which are retrieved using the go command, i.e. via "go get", are not affected (modules retrieved using GOPATH-mode, i.e. GO111MODULE=off, may be affected).

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps: before 4.2.0

CPE2.3

• cpe:2.3:a:ibm_corporation:ibm_cloud_pak_for_watson_aiops:*:*:*:*:*:*:*:*

External links

https://www.ibm.com/support/pages/node/7041675

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU77529

Risk: Medium

CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-29403

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists within Go runtime due to application allows to execute setuid/setgid binaries without any restrictions. An attacker with ability to control the application flow can execute arbitrary code on the system with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps: before 4.2.0

CPE2.3

• cpe:2.3:a:ibm_corporation:ibm_cloud_pak_for_watson_aiops:*:*:*:*:*:*:*:*

External links

https://www.ibm.com/support/pages/node/7041675

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Code Injection

EUVDB-ID: #VU77530

Risk: Medium

CVSSv4.0: 6.9 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-29404

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists within Go runtime when running "go get" on a malicious module, or when running any other
command which builds untrusted code.A remote attacker can inject and execute arbitrary code on the target system at build time when using cgo.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps: before 4.2.0

CPE2.3

• cpe:2.3:a:ibm_corporation:ibm_cloud_pak_for_watson_aiops:*:*:*:*:*:*:*:*

External links

https://www.ibm.com/support/pages/node/7041675

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Code Injection

EUVDB-ID: #VU77531

Risk: Medium

CVSSv4.0: 6.9 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-29405

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists within Go runtime when running "go get" on a malicious module, or when running any other
command which builds untrusted code.A remote attacker can inject and execute arbitrary code on the target system at build time when using cgo.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Watson AIOps: before 4.2.0

CPE2.3

• cpe:2.3:a:ibm_corporation:ibm_cloud_pak_for_watson_aiops:*:*:*:*:*:*:*:*

External links

https://www.ibm.com/support/pages/node/7041675

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.