SB2023111315 - Multiple vulnerabilities in IBM Cognos Dashboards on Cloud Pak for Data

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023111315

SB2023111315 - Multiple vulnerabilities in IBM Cognos Dashboards on Cloud Pak for Data

Published: November 13, 2023

Security Bulletin ID SB2023111315
Severity
Medium
Patch available
YES
Number of vulnerabilities 13
Exploitation vector Remote access
Highest impact Information disclosure

Breakdown by Severity

Medium 92% Low 8%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 13 secuirty vulnerabilities.


1) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2023-30589)

The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.

The vulnerability exists due to improper validation of HTTP requests in the llhttp parser. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.

Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.


2) Cleartext transmission of sensitive information (CVE-ID: CVE-2023-38276)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to software uses insecure communication channel to transmit sensitive information. A remote attacker can gain access to sensitive data.


3) Cleartext transmission of sensitive information (CVE-ID: CVE-2023-38275)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to software uses insecure communication channel to transmit sensitive information. A remote attacker can gain access to sensitive data.


4) Improper Authentication (CVE-ID: CVE-2023-38735)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in when processing authentication requests. A remote attacker can bypass authentication process and gain unauthorized access to the application.


5) Input validation error (CVE-ID: CVE-2020-13956)

The vulnerability allows a remote attacker to compromise the affected application.

The vulnerability exists due to insufficient validation of user-supplied input in Apache HttpClient. A remote attacker can pass request URIs to the library as java.net.URI object and force the application to pick the wrong target host for request execution.


6) Incorrect Regular Expression (CVE-ID: CVE-2022-40897)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation when processing HTML content. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.


7) Input validation error (CVE-ID: CVE-2023-27043)

The vulnerability allows a remote attacker to bypass filtration.

The vulnerability exists due to insufficient validation of user-supplied input when parsing email address with a special character. A remote attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain.


8) Input validation error (CVE-ID: CVE-2023-30588)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied public key within the crypto.X509Certificate() API. A remote user can pass an invalid public key to the application and perform a denial of service (DoS) attack.


9) Resource management error (CVE-ID: CVE-2023-23919)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to in some cases Node.js does does not clear the OpenSSL error stack after operations that may set it. A remote attacker can trigger false positive errors during subsequent cryptographic operations on the same thread and perform a denial of service (DoS) attack.


10) HTTP response splitting (CVE-ID: CVE-2023-23936)

The vulnerability allows a remote attacker to perform HTTP splitting attacks.

The vulnerability exists due to software does not correctly process CRLF character sequences when handling HTTP "Host" header. A remote attacker can send specially crafted request containing CRLF sequence and make the application to send a split HTTP response.

Successful exploitation of the vulnerability may allow an attacker perform cache poisoning attack.


11) Incorrect Regular Expression (CVE-ID: CVE-2023-24807)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation when user-supplied input within the `Headers.set()` and `Headers.append()` methods. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.


12) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-23920)

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to application insecurely loads ICU data through ICU_DATA environment variable with elevated privileges. A remote user can gain access to potentially sensitive information.


13) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-23918)

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to improperly imposed security restrictions within the process.mainModule.require() method. A remote user can access non authorized modules.


Remediation

Install update from vendor's website.

References