Multiple vulnerabilities in IBM MaaS360 Cloud Extender Agent, Mobile Enterprise Gateway and VPN Module
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 10 |
| CVE-ID | CVE-2023-36478 CVE-2023-44487 CVE-2023-41900 CVE-2023-40167 CVE-2023-36479 CVE-2023-34462 CVE-2023-4807 CVE-2023-46849 CVE-2023-46850 CVE-2023-5363 |
| CWE-ID | CWE-190 CWE-400 CWE-285 CWE-444 CWE-20 CWE-369 CWE-416 CWE-310 |
| Exploitation vector | Network |
| Public exploit | Vulnerability #2 is being exploited in the wild. |
| Vulnerable software Subscribe |
IBM MaaS360 Mobile Enterprise Gateway Server applications / Other server solutions IBM MaaS360 Cloud Extender Agent Server applications / Other server solutions IBM MaaS360 VPN Module Server applications / Remote access servers, VPN |
| Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 10 vulnerabilities.
1) Integer overflow
EUVDB-ID: #VU81726
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-36478
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow in MetaDataBuilder.checkSize when handling HTTP/2 HPACK header values. A remote attacker can send specially crafted request to the server, trigger an integer overflow and crash the server.
Install update from vendor's website.
Vulnerable software versionsIBM MaaS360 Mobile Enterprise Gateway: before 3.000.400
IBM MaaS360 VPN Module: before 3.000.400
IBM MaaS360 Cloud Extender Agent: before 3.000.300.025
External linkshttp://www.ibm.com/support/pages/node/7115287
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Resource exhaustion
EUVDB-ID: #VU81728
Risk: High
CVSSv3.1: 5.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:H/RL:O/RC:C]
CVE-ID: CVE-2023-44487
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improperly control of consumption for internal resources when handling HTTP/2 requests with compressed HEADERS frames. A remote attacker can send a sequence of compressed HEADERS frames followed by RST_STREAM frames and perform a denial of service (DoS) attack, a.k.a. "Rapid Reset".
Note, the vulnerability is being actively exploited in the wild.
Install update from vendor's website.
Vulnerable software versionsIBM MaaS360 Mobile Enterprise Gateway: before 3.000.400
IBM MaaS360 VPN Module: before 3.000.400
IBM MaaS360 Cloud Extender Agent: before 3.000.300.025
External linkshttp://www.ibm.com/support/pages/node/7115287
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
3) Improper Authorization
EUVDB-ID: #VU80793
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-41900
CWE-ID:
CWE-285 - Improper Authorization
Exploit availability: No
DescriptionThe vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to an error in the revocation process. If a Jetty OpenIdAuthenticator uses the optional nested LoginService, and that LoginService decides to revoke an already authenticated user, then the current request will still treat the user as authenticated.
Install update from vendor's website.
Vulnerable software versionsIBM MaaS360 Mobile Enterprise Gateway: before 3.000.400
IBM MaaS360 VPN Module: before 3.000.400
IBM MaaS360 Cloud Extender Agent: before 3.000.300.025
External linkshttp://www.ibm.com/support/pages/node/7115287
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Inconsistent interpretation of HTTP requests
EUVDB-ID: #VU80791
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40167
CWE-ID:
CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform HTTP request smuggling attacks.
The vulnerability exists due to improper validation of HTTP requests when handling the "+" character passed via the HTTP/1 header field. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.
Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM MaaS360 Mobile Enterprise Gateway: before 3.000.400
IBM MaaS360 VPN Module: before 3.000.400
IBM MaaS360 Cloud Extender Agent: before 3.000.300.025
External linkshttp://www.ibm.com/support/pages/node/7115287
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Input validation error
EUVDB-ID: #VU80792
Risk: Medium
CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-36479
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote user to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input in org.eclipse.jetty.servlets.CGI Servlet when quoting a command before its execution. A remote user can force the application to execute arbitrary file on the server and potentially compromise the system.
Install update from vendor's website.
Vulnerable software versionsIBM MaaS360 Mobile Enterprise Gateway: before 3.000.400
IBM MaaS360 VPN Module: before 3.000.400
IBM MaaS360 Cloud Extender Agent: before 3.000.300.025
External linkshttp://www.ibm.com/support/pages/node/7115287
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Resource exhaustion
EUVDB-ID: #VU77573
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-34462
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources if no idle timeout handler was configured. A remote attacker can send a client hello packet, which leads the server to buffer up to 16MB of data per connection and results in a denial of service condition.
Install update from vendor's website.
Vulnerable software versionsIBM MaaS360 Mobile Enterprise Gateway: before 3.000.400
IBM MaaS360 VPN Module: before 3.000.400
IBM MaaS360 Cloud Extender Agent: before 3.000.300.025
External linkshttp://www.ibm.com/support/pages/node/7115287
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Input validation error
EUVDB-ID: #VU80565
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-4807
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the POLY1305 MAC (message authentication code) implementation. A remote attacker can send specially crafted input to the application and corrupt MM registers on Windows 64 platform, resulting in a denial of service condition.
Install update from vendor's website.
Vulnerable software versionsIBM MaaS360 Mobile Enterprise Gateway: before 3.000.400
IBM MaaS360 VPN Module: before 3.000.400
IBM MaaS360 Cloud Extender Agent: before 3.000.300.025
External linkshttp://www.ibm.com/support/pages/node/7115287
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Division by zero
EUVDB-ID: #VU82952
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-46849
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a remote client to perform a denial of service (DoS) attack.
The vulnerability exists due to server incorrectly restores "--fragment" configuration under certain circumstances. A remote client can cause a divide by zero error and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsIBM MaaS360 Mobile Enterprise Gateway: before 3.000.400
IBM MaaS360 VPN Module: before 3.000.400
IBM MaaS360 Cloud Extender Agent: before 3.000.300.025
External linkshttp://www.ibm.com/support/pages/node/7115287
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Use-after-free
EUVDB-ID: #VU82951
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-46850
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote user to gain access to sensitive information.
The vulnerability exists due to openvpn incorrectly uses a send buffer after it has been freed. Under certain circumstances the freed memory can be sent to the client peer, resulting in information disclosure. The vulnerability affects TLS configuration.
Install update from vendor's website.
Vulnerable software versionsIBM MaaS360 Mobile Enterprise Gateway: before 3.000.400
IBM MaaS360 VPN Module: before 3.000.400
IBM MaaS360 Cloud Extender Agent: before 3.000.300.025
External linkshttp://www.ibm.com/support/pages/node/7115287
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Cryptographic issues
EUVDB-ID: #VU82349
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-5363
CWE-ID:
CWE-310 - Cryptographic Issues
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to an error when processing key and initialisation vector lengths in EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() function. A remote attacker can gain access to potentially sensitive information.
The following ciphers and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.
Install update from vendor's website.
Vulnerable software versionsIBM MaaS360 Mobile Enterprise Gateway: before 3.000.400
IBM MaaS360 VPN Module: before 3.000.400
IBM MaaS360 Cloud Extender Agent: before 3.000.300.025
External linkshttp://www.ibm.com/support/pages/node/7115287
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
