SB2023121104 - Multiple vulnerabilities in IBM Netcool Operations Insight
Published: December 11, 2023 Updated: May 9, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 65 secuirty vulnerabilities.
1) Path traversal (CVE-ID: CVE-2022-37866)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences. A remote attacker can trick the victim into downloading a specially crafted artifact and write files to an arbitrary location on the system.
2) Out-of-bounds write (CVE-ID: CVE-2022-1304)
The vulnerability allows a local attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A local attacker can use a specially crafted filesystem, trigger out-of-bounds write and execute arbitrary code on the target system.
3) Integer overflow (CVE-ID: CVE-2022-3515)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow within the CRL parser in libksba. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
4) Cross-site scripting (CVE-ID: CVE-2016-3709)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
5) Heap-based buffer overflow (CVE-ID: CVE-2022-37434)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing a large gzip header within inflateGetHeader in inflate.c. A remote attacker can pass a specially crafted file to the affected application, trigger heap-based buffer overflow and execute arbitrary code on the target system.
6) OS Command Injection (CVE-ID: CVE-2022-2068)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the c_rehash script distributed by some operating systems. A remote attacker with ability to pass data to c_rehash script can and execute arbitrary OS commands with the privileges of the script.
The vulnerability exists due to incomplete fix for #VU62765 (CVE-2022-1292).
7) Missing Encryption of Sensitive Data (CVE-ID: CVE-2022-2097)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to an error in AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimized implementation. Under specific circumstances OpenSSL does not encrypt the entire message and can reveal sixteen bytes of data that was preexisting in the memory that wasn't written. A remote attacker can gain access to potentially sensitive information.
8) Prototype pollution (CVE-ID: CVE-2019-11358)
The vulnerability allows a remote attacker to execute arbitrary JavaScript code.
The vulnerability exists due to improper input validation. A remote attacker can pass specially crafted input to the application and perform prototype pollution, which can result in information disclosure or data manipulation.
9) Cross-site scripting (CVE-ID: CVE-2020-11022)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in the regex operation in "jQuery.htmlPrefilter". A remote attacker can pass specially crafted data to the application that uses .html()</code>, <code>.append() or similar methods for it and execute arbitrary JavaScript code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
10) Cross-site scripting (CVE-ID: CVE-2020-11023)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data when passing <option> elements to jQuery’s DOM manipulation methods. A remote attacker can execute arbitrary JavaScript code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
11) Predictable from Observable State (CVE-ID: CVE-2022-30698)
The vulnerability allows a remote attacker to poison DNS cache.
The vulnerability exists due to the way Unbound handles delegation information expiration event. A remote attacker who controls a rouge DNS server can force the Unbound instance to cache incorrect information about subdomain delegation and permanently poison the DNS cache, e.g. perform the "ghost domain names" attack.
The attack is carried out when Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation information for the subdomain that updates Unbound's delegation cache. This action can be repeated before expiry of the delegation information by querying Unbound for a second level subdomain which the rogue nameserver provides new delegation information. Since Unbound is a child-centric resolver, the ever-updating child delegation information can keep a rogue domain name resolvable long after revocation.12) Predictable from Observable State (CVE-ID: CVE-2022-30699)
The vulnerability allows a remote attacker to poison DNS cache.
The vulnerability exists due to the way Unbound handles delegation information expiration event. A remote attacker who controls a rouge DNS server can force the Unbound instance to cache incorrect information about domain delegation and permanently poison the DNS cache, e.g. perform the "ghost domain names" attack.
The attack is perform when Unbound is queried for a rogue domain name, which cached delegation information is about to expire. The rogue nameserver delays the response until the cached delegation information expires. Upon receiving the delayed answer containing the delegation information, Unbound overwrites the now expired entries.
13) Inefficient Algorithmic Complexity (CVE-ID: CVE-2022-25881)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to regular expression denial of service that occurs when the server reads the cache policy from the request using this library. A remote unauthenticated attacker can send malicious request header values to the server and perform a denial of service attack.
14) Buffer overflow (CVE-ID: CVE-2021-41816)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in CGI.escape_html. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
15) Improper input validation (CVE-ID: CVE-2022-37865)
The vulnerability allows a remote non-authenticated attacker to damange or delete data.
The vulnerability exists due to improper input validation within the Installation (Apache Ivy) component in Oracle Communications Cloud Native Core Automated Test Suite. A remote non-authenticated attacker can exploit this vulnerability to damange or delete data.
16) Resource exhaustion (CVE-ID: CVE-2021-36090)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when processing ZIP archives. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
17) Out-of-bounds read (CVE-ID: CVE-2021-3712)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing ASN.1 strings related to a confusion with NULL termination of strings in array. A remote attacker can pass specially crafted data to the application to trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service (DoS) attack.
18) Stack-based buffer overflow (CVE-ID: CVE-2020-10029)
The vulnerability allows an attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within "sysdeps/ieee754/ldbl-96/e_rem_pio2l.c" in GNU C Library (aka glibc or libc6). An attacker can pas specially crafted input to the application and trigger a stack-based buffer overflow.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system or denial of service conditions.
19) Input validation error (CVE-ID: CVE-2022-1271)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation when processing filenames with two or more newlines. A remote attacker can force zgrep or xzgrep to write arbitrary files on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise the affected system.
20) NULL pointer dereference (CVE-ID: CVE-2019-9923)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dreference error in sparse.c in when parsing certain archives that have malformed extended headers. A remote attacker can perform a denial of service (DoS) attack.
21) Information disclosure (CVE-ID: CVE-2018-8023)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
Apache Mesos can be configured to require authentication to call the Executor HTTP API using JSON Web Token (JWT). In Apache Mesos versions pre-1.4.2, 1.5.0, 1.5.1, 1.6.0 the comparison of the generated HMAC value against the provided signature in the JWT implementation used is vulnerable to a timing attack because instead of a constant-time string comparison routine a standard `==` operator has been used. A malicious actor can therefore abuse the timing difference of when the JWT validation function returns to reveal the correct HMAC value.
22) Resource management error (CVE-ID: CVE-2018-11793)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect processing of nested data within a JSON array. A remote unauthenticated attacker can supply a specially crafted JSON array, overflow the stack due to unbounded recursion and perform denial of service (DoS) attack,
23) Use-after-free (CVE-ID: CVE-2022-40674)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in the doContent() function in xmlparse.c. A remote attacker can pass specially crafted input to the application that is using the affected library, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
24) Information disclosure (CVE-ID: CVE-2019-19126)
The vulnerability allows a local authenticated user to gain access to sensitive information.
On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.
25) Use-after-free (CVE-ID: CVE-2020-1752)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the glob() function in glibc in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username are affected by this issue. A local user can create a specially crafted path that, when processed by the glob() function, would potentially lead to arbitrary code execution.
26) Session Fixation (CVE-ID: CVE-2022-25896)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the session is regenerated instead of being closed when a user logs in or logs out. A remote attacker can gain access to the session.
27) Out-of-bounds write (CVE-ID: CVE-2020-1751)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error in the "backtrace" function when handling signal trampolines on PowerPC. A remote attacker can trigger out-of-bounds write and execute arbitrary code on the target system.
28) Integer overflow (CVE-ID: CVE-2021-35942)
The vulnerability allows a remote attacker to gain access to sensitive information or perform a DoS attack.
The vulnerability exists due to integer overflow in parse_param in posix/wordexp.c in the GNU C Library when called with an untrusted pattern. A remote attacker can pass specially crafted data to the application, trigger integer overflow and read arbitrary memory on the system of perform a denial of service (DoS) attack.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
29) Improper initialization (CVE-ID: CVE-2022-21724)
The vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to improper initialization in pgjdbc driver when handling attacker-controlled URL in connection properties as the driver does not verify if the class implements the expected interface before instantiating the class. A remote attacker can pass specially crafted URL to the affected application and execute arbitrary code in the system.
30) Incorrect default permissions (CVE-ID: CVE-2022-41946)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to application stores files with sensitive information in system's temporary directory. A local user can read the files and gain access to sensitive information.
31) Input validation error (CVE-ID: CVE-2022-26520)
The vulnerability allows a remote attacker to create arbitrary files on the system.
The vulnerability exists due to insufficient validation of user-supplied input when handling jdbc URL or its properties. A remote attacker can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties.
Successful exploitation of the vulnerability may allow an attacker to create and executable arbitraru JSP file under a Tomcat web root.
32) SQL injection (CVE-ID: CVE-2022-31197)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists due to insufficient sanitization of user-supplied data within the java.sql.ResultRow.refreshRow() method when processing column names. A remote attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database using the statement terminator, e.g." ;".
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
33) Cryptographic issues (CVE-ID: CVE-2021-4160)
The vulnerability allows a remote attacker to decrypt TLS traffic.
The vulnerability exists due to BN_mod_exp may produce incorrect results on MIPS. A remote attacker can decrypt TLS traffic. According to vendor, multiple EC algorithms are affected, including some of the TLS 1.3 default curves.
Successful exploitation of the vulnerability requires certain pre-requisites for attack, such as obtaining and reusing private keys.
34) Infinite loop (CVE-ID: CVE-2022-0778)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the BN_mod_sqrt() function when processing an ASN.1 certificate that contains elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. A remote attacker can supply a specially crafted certificate to the TLS server or client, consume all available system resources and cause denial of service conditions.
35) Out-of-bounds read (CVE-ID: CVE-2020-35527)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when handling ALTER TABLE for views that have a nested FROM clause. A remote attacker can pass specially crafted input to the application, trigger an out-of-bounds read error and read contents of memory on the system.
36) Information disclosure (CVE-ID: CVE-2022-23498)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to all headers being cached, when datasource query caching is enabled (including when rotating the Grafana session cookie via a Set-Cookie grafana_session header). A remote attacker can gain unauthorized access to sensitive information on the system.
37) Input validation error (CVE-ID: CVE-2016-10739)
The vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to the getaddrinfo() function accepts an IPv4 address followed by whitespace and arbitrary characters and treats his input as a correct IPv4 address. Software that accepts input from the getaddrinfo() function may incorrectly assume that the function return IPv4 address only. As a result, a remote attacker can inject arbitrary data into the IPv4 address and change application's behavior that relies on getaddrinfo() output (e.g., inject HTTP headers or other potentially dangerous strings).
38) Resource exhaustion (CVE-ID: CVE-2018-19591)
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to an invalid 'ifname' parameter to __if_nametoindex() in 'sysdeps/unix/sysv/linux/if_index.c'. A remote attacker can invoke a call to the getaddrinfo() function with a 'node' parameter, consume excessive memory and cause the service to crash.
39) Stack-based buffer overflow (CVE-ID: CVE-2018-20796)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to boundary error in check_dst_limits_calc_pos_1() function in posix/regexec.c. A local user can pass specially crafted arguments to the application, trigger stack overflow and perform denial of service attack.
40) Out-of-bounds read (CVE-ID: CVE-2019-25013)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in GNU C Library within the iconv feature when processing multi-byte input sequences in the EUC-KR encoding. A remote attacker can pass specially crafted input to the application, trigger out-of-bounds read error and perform a denial of service (DoS) attack.
41) Input validation error (CVE-ID: CVE-2019-6488)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in __memmove_avx_unaligned_erms in sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S during a memcpy due to application that runs on the x32 architecture incorrectly attempts to use a 64-bit register for size_t in assembly codes. A remote attacker can pass specially crafted data to the application using an affected library and cause segmentation fault.
42) Input validation error (CVE-ID: CVE-2019-7309)
The vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) when the RDX most significant bit is mishandled. A local attacker can supply specially crafted input and cause the application to crash.
43) Out-of-bounds read (CVE-ID: CVE-2019-9169)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack or gain access to sensitive information.
The vulnerability exists due to heap-based buffer over-read via an attempted case-insensitive regular-expression match. A remote attacker can perform a denial of service attack or gain access to sensitive information.
44) Infinite loop (CVE-ID: CVE-2020-27618)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within iconv implementation when processing multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, IBM1399 encodings. A remote attacker can pass specially crafted data to the application, consume all available system resources and cause denial of service conditions.
45) Integer overflow (CVE-ID: CVE-2020-6096)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow within the the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. A remote attacker can pass specially crafted data to the application, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
46) Reachable Assertion (CVE-ID: CVE-2021-3326)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion within the iconv function in the GNU C Library (aka glibc or libc6) when processing invalid input sequences in the ISO-2022-JP-3 encoding. A remote attacker can pass specially crafted data to the application, trigger an assertion failure and crash the affected application.
47) XML External Entity injection (CVE-ID: CVE-2021-33813)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied XML input within the SAXBuilder. A remote attacker can pass a specially crafted XML code to the affected application and view contents of arbitrary files on the system or initiate requests to external systems.
Successful exploitation of the vulnerability may allow an attacker to view contents of arbitrary file on the server or perform network scanning of internal and external infrastructure.
48) NULL pointer dereference (CVE-ID: CVE-2020-35525)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the INTERSEC query processing. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
49) Input validation error (CVE-ID: CVE-2017-5932)
The vulnerability allows a local authenticated user to execute arbitrary code.
The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a " (double quote) character and a command substitution metacharacter.
50) OS Command Injection (CVE-ID: CVE-2022-1292)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the c_rehash script distributed by some operating systems. A remote attacker with ability to pass data to c_rehash script can and execute arbitrary OS commands with the privileges of the script.
51) Spoofing attack (CVE-ID: CVE-2022-39324)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to usage of a hidden originalUrl parameter in the shared dashboard. A remote attacker can trick the victim into opening a shared snapshot and click on the button in the Grafana web UI, which will redirect user to an attacker-controlled URL.
52) Buffer overflow (CVE-ID: CVE-2021-3711)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in EVP_PKEY_decrypt() function within implementation of the SM2 decryption. A remote attacker can send specially crafted SM2 content for decryption to trigger a buffer overflow by 62 bytes and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
53) Improper input validation (CVE-ID: CVE-2014-3004)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Common (Castor) component in Oracle Utilities Framework. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.
54) Resource management error (CVE-ID: CVE-2022-2879)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to absent limits on the maximum size of file headers within the Reader.Read method in archive/tar. A remote attacker can pass a specially crafted file to the application and perform a denial of service (DoS) attack.
55) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2019-20372)
The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.
The vulnerability exists with certain error_page configurations. A remote attacker can read unauthorized web pages in environments where NGINX is being fronted by a load balancer.
56) Off-by-one (CVE-ID: CVE-2021-23017)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an off-by-one error within the ngx_resolver_copy() function when processing DNS responses. A remote attacker can trigger an off-by-one error, write a dot character (‘.’, 0x2E) out of bounds in a heap allocated buffer and execute arbitrary code on the system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
The vulnerability can be triggered by a DNS response in reply to a DNS request from nginx when the resolver primitive is configured. A specially crafted packet allows overwriting the least significant byte of next heap chunk metadata with 0x2E.
57) Improper input validation (CVE-ID: CVE-2022-40153)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Centralized Third Party Jars (XStream) component in Oracle WebLogic Server. A remote non-authenticated attacker can exploit this vulnerability to perform a denial of service (DoS) attack.
58) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-0204)
The vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to a specifically crafted Docker image running under the root user can overwrite the init helper binary of the container runtime and/or the command executor in Apache Mesos. A remote attacker can attacker can gain root-level privileges on the host.
59) Improper Check for Dropped Privileges (CVE-ID: CVE-2019-18276)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists in "disable_priv_mode()" function in shell.c due to the affected software attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded. A local user with command execution in the shell can use "enable -f" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges.
60) Input validation error (CVE-ID: CVE-2018-1330)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
When parsing a malformed JSON payload, libprocess in Apache Mesos versions 1.4.0 to 1.5.0 might crash due to an uncaught exception. Parsing chunked HTTP requests with trailers can lead to a libprocess crash too because of the mistakenly planted assertion. A malicious actor can therefore cause a denial of service of Mesos masters rendering the Mesos-controlled cluster inoperable.
61) Input validation error (CVE-ID: CVE-2022-22970)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the Spring MVC or Spring WebFlux applications. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
62) Input validation error (CVE-ID: CVE-2022-22971)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the Spring application with a STOMP over WebSocket endpoint. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
63) Path traversal (CVE-ID: CVE-2022-31159)
The vulnerability allows a remote user to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences within the downloadDirectory() method in in the AWS S3 TransferManager component. A remote user can send a specially crafted HTTP request and read arbitrary files on the system.
64) Stored cross-site scripting (CVE-ID: CVE-2022-23552)
The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user with the Editor role can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
65) Reliance on Reverse DNS Resolution for a Security-Critical Action (CVE-ID: CVE-2022-43548)
The vulnerability allows a remote attacker to perform DNS rebinding attacks.
The vulnerability exists due to improper validation of octal IP address within the Node.js rebinding protector for --inspec. A remote attacker can
resolve the invalid octal address via DNS. When combined with an active
--inspect session, such as when using VSCode, an attacker can perform DNS
rebinding and execute arbitrary code in client's browser.
Remediation
Install update from vendor's website.