SB2024020623 - Multiple vulnerabilities in IBM Security Verify Privilege On-Premises
Published: February 6, 2024 Updated: January 23, 2025
Description
This security bulletin contains information about 19 security vulnerabilities.
1) Information disclosure (CVE-ID: CVE-2021-38859)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote attacker can obtain version number information using a specially crafted HTTP request that could be used in further attacks against the system.
2) Missing Encryption of Sensitive Data (CVE-ID: CVE-2022-22377)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to failure to properly enable HTTP Strict Transport Security. A remote attacker can obtain sensitive information using man-in-the-middle techniques.
3) Input validation error (CVE-ID: CVE-2022-22384)
The vulnerability allows a remote user to modify data on the system.
The vulnerability exists due to insufficient validation of user-supplied input. A remote user can pass specially crafted input to the application and modify data on the system.
4) Missing Encryption of Sensitive Data (CVE-ID: CVE-2022-22386)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to failure to properly enable HTTP Strict Transport Security. A remote attacker can obtain sensitive information using man-in-the-middle techniques.
5) Cleartext transmission of sensitive information (CVE-ID: CVE-2022-22385)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists because the software uses an insecure communication channel to transmit sensitive information. A remote attacker with the ability to intercept network traffic can gain access to sensitive data.
6) Cross-site scripting (CVE-ID: CVE-2019-16728)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code through mutation XSS in the user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
Note: This vulnerability exists because of innerHTML mutation XSS (mXSS) for an SVG element or a MATH element.
7) Buffer overflow (CVE-ID: CVE-2022-3786)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when processing the email address field length inside an X.509 certificate. A remote attacker can supply a specially crafted certificate to the application, trigger a buffer overflow and crash the application.
8) Buffer overflow (CVE-ID: CVE-2022-3602)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing the email address field inside an X.509 certificate. A remote attacker can supply a specially crafted certificate to the application, trigger a 4-byte buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system, but requires either that a CA signs the malicious certificate or that the application continues certificate verification despite failure to construct a path to a trusted issuer.
9) Cross-site scripting (CVE-ID: CVE-2020-11022)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in the regex operation in "jQuery.htmlPrefilter". A remote attacker can pass specially crafted data to an application that hands it to .html(), .append() or similar methods and execute arbitrary JavaScript code in the user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
10) Cross-site scripting (CVE-ID: CVE-2020-11023)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data when passing <option> elements to jQuery's DOM manipulation methods. A remote attacker can execute arbitrary JavaScript code in the user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
11) Insufficient Session Expiration (CVE-ID: CVE-2021-20581)
The vulnerability allows a remote user to gain access to sensitive information.
The vulnerability exists due to insufficient session expiration. A remote user can obtain or guess a session token and gain unauthorized access to a session that belongs to another user.
12) Arbitrary file upload (CVE-ID: CVE-2022-22375)
The vulnerability allows a remote user to compromise vulnerable system.
The vulnerability exists due to insufficient validation of file during file upload. A remote user can upload a malicious file and execute it on the server.
13) Improper Certificate Validation (CVE-ID: CVE-2022-22380)
The vulnerability allows a remote attacker to modify data on the system.
The vulnerability exists due to improper certificate validation. A remote attacker can spoof a trusted entity because certificates are improperly validated.
14) Input validation error (CVE-ID: CVE-2021-29913)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
15) LDAP injection (CVE-ID: CVE-2023-33201)
The vulnerability allows a remote attacker to bypass the authentication process.
The vulnerability exists due to improper input validation in applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate's Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability. A remote non-authenticated attacker can use a specially crafted X.509 certificate to bypass the authentication process and gain unauthorized access to the application.
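The missing step described above is escaping the subject value before it enters the search filter. The following is an added example, not code from this bulletin or from Bouncy Castle; it applies RFC 4515 escaping and compares the filter structure with and without it. The filter template (objectClass=pkiUser, cn=...), the function names and the sample subject are assumptions made for illustration.

```python
# Added example: RFC 4515 escaping of a certificate subject value before it
# is placed in an LDAP search filter. The filter template and the subject
# strings are constructed for illustration, not taken from Bouncy Castle.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape the characters RFC 4515 reserves inside an assertion value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter_unescaped(subject_cn: str) -> str:
    """The flawed pattern: the subject value is concatenated as-is."""
    return "(&(objectClass=pkiUser)(cn=" + subject_cn + "))"


def build_filter_escaped(subject_cn: str) -> str:
    """The corrected pattern: the value is escaped before concatenation."""
    return "(&(objectClass=pkiUser)(cn=" + escape_filter_value(subject_cn) + "))"


def filter_shape(ldap_filter: str) -> tuple:
    """Return (balanced, parenthesised components, unescaped wildcards)."""
    depth = components = wildcards = 0
    balanced = True
    i = 0
    while i < len(ldap_filter):
        ch = ldap_filter[i]
        if ch == "\\":          # a \XX escape is data, not filter syntax
            i += 3
            continue
        if ch == "(":
            depth += 1
            components += 1
        elif ch == ")":
            depth -= 1
            balanced = balanced and depth >= 0
        elif ch == "*":
            wildcards += 1
        i += 1
    return (balanced and depth == 0, components, wildcards)


def alters_filter(subject_cn: str, build) -> bool:
    """True when the subject value changes the structure of the filter."""
    return filter_shape(build(subject_cn)) != filter_shape(build("alice"))


if __name__ == "__main__":
    sample = "R&D (EU) *staging*"   # constructed subject CN
    print(build_filter_unescaped(sample), alters_filter(sample, build_filter_unescaped))
    print(build_filter_escaped(sample), alters_filter(sample, build_filter_escaped))
```

Even a subject that merely contains parentheses and asterisks changes the number of filter components and introduces wildcards when concatenated raw; after escaping, the filter keeps the same shape as for a plain name.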
16) Information disclosure (CVE-ID: CVE-2022-43889)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote attacker can gain unauthorized access to sensitive information on the system.
17) Resource exhaustion (CVE-ID: CVE-2022-43893)
The vulnerability allows a local privileged user to perform a denial of service (DoS) attack.
The vulnerability exists because the application does not properly control consumption of internal resources. A local privileged user can trigger resource exhaustion and perform a denial of service (DoS) attack.
18) Improper Certificate Validation (CVE-ID: CVE-2022-43892)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to improper certificate validation. A remote attacker can gain unauthorized access to sensitive information on the system.
19) Information Exposure Through an Error Message (CVE-ID: CVE-2022-43891)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability occurs when a detailed technical error message is returned in the browser. A remote attacker can gain unauthorized access to sensitive information on the system.
Remediation
Install update from vendor's website.