SB2024021315 - Multiple vulnerabilities in IBM App Connect Enterprise Certified Container
Published: February 13, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 22 secuirty vulnerabilities.
1) Cross-site scripting (CVE-ID: CVE-2023-3978)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
2) Information disclosure (CVE-ID: CVE-2023-45143)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to software send Cookies in HTTP headers during cross-origin redirects. A remote attacker can gain unauthorized access to sensitive information.
3) Use-after-free (CVE-ID: CVE-2022-48560)
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to use-after-free exists via heappushpop in heapq. A remote attacker can trigger the vulnerability to perform a denial of service attack.
4) Covert timing channel (CVE-ID: CVE-2023-5388)
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to insufficient fix for #VU84108 (CVE-2023-4421). A remote attacker can perform Marvin attack and gain access to sensitive information.
5) Cross-site scripting (CVE-ID: CVE-2024-22195)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data within the xmlattr filter. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
6) NULL pointer dereference (CVE-ID: CVE-2021-3443)
The vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A local attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
7) Use-after-free (CVE-ID: CVE-2023-34241)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error in cupsdAcceptClient(). A remote attacker can cause a denial of service condition on the target system.
8) Out-of-bounds write (CVE-ID: CVE-2023-3138)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within src/InitExt.c in libX11. A remote attacker can send specially crafted data to the server, trigger an out-of-bounds write and perform a denial of service (DoS) attack.
9) Off-by-one (CVE-ID: CVE-2023-4504)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an off-by-one error when parsing Postscript objects within the scan_ps() function in cups/raster-interpret.c. A remote attacker can trigger pass a specially crafted PPD file to the affected application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
10) Heap-based buffer overflow (CVE-ID: CVE-2023-32324)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the format_log_line() function cups/string.c when the "loglevel" is set to "DEBUG". A remote attacker can pass specially crafted data to the daemon, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
11) Out-of-bounds read (CVE-ID: CVE-2023-43785)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the _XkbReadKeySyms() function. A local user can trigger an out-of-bounds read error and read contents of memory on the system.
12) Integer overflow (CVE-ID: CVE-2023-43787)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to integer overflow within the XCreateImage() function. A local user can trigger integer overflow and execute arbitrary code with elevated privileges.
13) Infinite loop (CVE-ID: CVE-2023-43786)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the PutSubImage() function. A local user can consume all available system resources and cause denial of service conditions.
14) Information disclosure (CVE-ID: CVE-2023-4641)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to an error in gpasswd(1), which fails to clean memory properly. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. A local user with enough access can retrieve the password from the memory.
15) Uncontrolled Memory Allocation (CVE-ID: CVE-2023-48713)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to unbound memory allocation. A remote user who controls a pod to a degree where they can control the responses from the /metrics endpoint can cause denial-of-service of the autoscaler.
16) Out-of-bounds write (CVE-ID: CVE-2023-51257)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input within the jas_icctxt_input() function in jas_icc.c. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
17) Out-of-bounds write (CVE-ID: CVE-2023-4016)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing untrusted input. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
18) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2023-5072)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to allocation of resources without limits or throttling. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
19) Observable discrepancy (CVE-ID: CVE-2023-45287)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a timing discrepancy when handling RSA based TLS key exchanges. A remote attacker can perform a Marvin attack and gain access to sensitive information.
20) Resource exhaustion (CVE-ID: CVE-2023-39325)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to excessive consumption of internal resources when handling HTTP/2 requests. A remote attacker can bypass the http2.Server.MaxConcurrentStreams setting by creating new connections while the current connections are still being processed, trigger resource exhaustion and perform a denial of service (DoS) attack.
21) Reachable Assertion (CVE-ID: CVE-2017-13745)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
There is a reachable assertion abort in the function jpc_dec_process_sot() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack by triggering an unexpected jpc_ppmstabtostreams return value, a different vulnerability than CVE-2018-9154.
22) Cross-site request forgery (CVE-ID: CVE-2023-45857)
The vulnerability allows a remote attacker to perform cross-site request forgery attacks.
The vulnerability exists due to insufficient validation of the HTTP request origin. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website.
Remediation
Install update from vendor's website.