Main Vulnerability Database SB2024022105

SB2024022105 - Multiple vulnerabilities in IBM Robotic Process Automation for Cloud Pak

Published: February 21, 2024

Security Bulletin ID SB2024022105

Severity

High

Patch available

YES

Number of vulnerabilities 47

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 47 secuirty vulnerabilities.

1) Reachable Assertion (CVE-ID: CVE-2022-41899)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to inputs `dense_features` or `example_state_data` not of rank 2 will trigger a `CHECK` fail in `SdcaOptimizer`. A remote attacker can trigger the vulnerability to perform a denial of service (DoS) attack.

2) Input validation error (CVE-ID: CVE-2022-41888)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to `tf.image.generate_bounding_box_proposals` receives a `scores` input that must be of rank 4 but is not checked when running on GPU. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

3) NULL pointer dereference (CVE-ID: CVE-2022-41889)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the pywrap code fails to parse the tensor and returns a `nullptr`, which is not caught, if list of quantized tensors is assigned to an attribute. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

4) Type conversion (CVE-ID: CVE-2022-41890)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to `BCast::ToShape` will crash if given input larger than an `int32`, despite being supposed to handle up to an `int64`. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

5) Resource exhaustion (CVE-ID: CVE-2022-41891)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to `tf.raw_ops.TensorListConcat` results in segmentation fault if given `element_shape=[]`. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

6) Reachable Assertion (CVE-ID: CVE-2022-41893)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the `tf.raw_ops.TensorListResize` results `CHECK` fail when given a nonscalar value for input `size`. A remote attacker can trigger the vulnerability to perform a denial of service (DoS) attack.

7) Buffer overflow (CVE-ID: CVE-2022-41894)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to reference kernel of the `CONV_3D_TRANSPOSE` TensorFlow Lite operator wrongly increments the data_ptr when adding the bias to the result. A remote unauthenticated attacker can craft a model with a specific number of input channels to write specific values through the bias of the layer outside the bounds of the buffer

8) Out-of-bounds read (CVE-ID: CVE-2022-41895)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to TensorFlow will give a heap OOB error if `MirrorPadGrad` is given outsize input `paddings`. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.

9) Input validation error (CVE-ID: CVE-2022-41896)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to TensorFlow will crash if `ThreadUnsafeUnigramCandidateSampler` is given input `filterbank_channel_count` greater than the allowed max size. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

10) Out-of-bounds read (CVE-ID: CVE-2022-41897)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to TensorFlow will crash if `FractionMaxPoolGrad` is given outsize inputs `row_pooling_sequence` and `col_pooling_sequence`. A remote attacker can create a specially crafted file, trigger an out-of-bounds read error and read contents of memory on the system.

11) Resource exhaustion (CVE-ID: CVE-2022-41898)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to TensorFlow will crash if `SparseFillEmptyRowsGrad` is given empty inputs. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

12) Buffer overflow (CVE-ID: CVE-2022-41900)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the FractionalMaxPool and FractionalAvgPool. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

13) Incorrect Calculation of Buffer Size (CVE-ID: CVE-2022-41886)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to `tf.raw_ops.ImageProjectiveTransformV2` overflows when given a large output shape. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

14) Input validation error (CVE-ID: CVE-2022-41901)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in SparseMatrixNNZ. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

15) Out-of-bounds write (CVE-ID: CVE-2022-41902)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in grappler. A remote attacker can trigger out-of-bounds write and execute arbitrary code on the target system.

16) Buffer overflow (CVE-ID: CVE-2022-41910)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in QuantizeAndDequantizeV2. A remote attacker can trigger memory corruption and cause a denial of service condition on the target system.

17) Buffer overflow (CVE-ID: CVE-2022-41907)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in ResizeNearestNeighborGrad. A remote attacker can trigger memory corruption and cause a denial of service condition on the target system.

18) Input validation error (CVE-ID: CVE-2022-41908)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in PyFunc. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

19) Input validation error (CVE-ID: CVE-2022-41909)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in CompositeTensorVariantToComponents. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

20) Type conversion (CVE-ID: CVE-2022-41911)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to invalid char to bool conversion when printing a tensor. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

21) Integer overflow (CVE-ID: CVE-2022-42898)

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to an integer overflow within the S4U2Proxy handler on 32-bit systems. A remote user can send specially crafted request to the KDC server, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

22) Out-of-bounds write (CVE-ID: CVE-2022-40152)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error when processing untrusted input within the Woodstox XML parser. A remote attacker can pass a specially crafted input to the application, trigger an out-of-bounds write and crash the application.

23) Improper input validation (CVE-ID: CVE-2022-40153)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Centralized Third Party Jars (XStream) component in Oracle WebLogic Server. A remote non-authenticated attacker can exploit this vulnerability to perform a denial of service (DoS) attack.

24) Incorrect Calculation of Buffer Size (CVE-ID: CVE-2022-41887)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to `tf.keras.losses.poisson` receives a `y_pred` and `y_true` that are passed through `functor::mul` in `BinaryOp`. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

25) Always-Incorrect Control Flow Implementation (CVE-ID: CVE-2022-41884)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to error will be raised if a numpy array is created with a shape such that one element is zero and the others sum to a large number. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

26) Out-of-bounds read (CVE-ID: CVE-2022-0924)

The vulnerability allows a remote attacker to perform a denial-of-service attack.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted TIFF file, trick the victim into opening it, trigger out-of-bounds read error and perform a denial-of-service attack.

27) OS Command Injection (CVE-ID: CVE-2015-20107)

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in the mailcap module, which does not escape characters into commands discovered in the system mailcap file. A remote unauthenticated attacker can pass specially crafted data to the applications that call mailcap.findmatch with untrusted input and execute arbitrary OS commands on the target system.

28) Cross-site scripting (CVE-ID: CVE-2016-3709)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

29) Security restrictions bypass (CVE-ID: CVE-2020-9492)

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to the way Apache Hadoop handles SPNEGO authorization headers. A remote WebHDFS client can trigger services to send server credentials to a webhdfs path for capturing the service principal.

30) NULL pointer dereference (CVE-ID: CVE-2022-0561)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the memcpy() function within TIFFFetchStripThing() in tif_dirread.c. A remote attacker can trick victim to open specially crafted TIFF file and perform a denial of service (DoS) attack.

31) NULL pointer dereference (CVE-ID: CVE-2022-0562)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the memcpy() function within TIFFReadDirectory() in tif_dirread.c. A remote attacker can trick victim to open specially crafted TIFF file and perform a denial of service (DoS) attack.

32) Reachable Assertion (CVE-ID: CVE-2022-0865)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion in the tiffcp component. A remote attacker can trick a victim to open a specially crafted TIFF file and perform a denial of service attack.

33) Out-of-bounds write (CVE-ID: CVE-2022-0891)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing TIFF file in ExtractImageSection() function in tiffcrop.c. A remote attacker can create a specially crafted TIFF file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

34) NULL pointer dereference (CVE-ID: CVE-2022-0908)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the memcpy() function within TIFFFetchNormalTag () in tif_dirread.c. A remote attacker can pass specially crafted TIFF file to the application and perform a denial of service (DoS) attack.

35) Division by zero (CVE-ID: CVE-2022-0909)

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to a division by zero error in the tiffcrop component. A remote attacker can pass a specially crafted TIFF file to the application and crash it.

36) Buffer overflow (CVE-ID: CVE-2022-1355)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within tiffcp.c when processing TIFF files. A remote attacker can pass specially crafted TIFF file to the application that is using the affected library, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

37) Out-of-bounds read (CVE-ID: CVE-2022-41880)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.

38) Out-of-bounds read (CVE-ID: CVE-2022-22844)

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to a boundary condition in the _TIFFmemcpy() function in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field. A remote attacker can pass a specially crafted file and perform a denial of service attack.

39) Out-of-bounds write (CVE-ID: CVE-2022-1304)

The vulnerability allows a local attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input. A local attacker can use a specially crafted filesystem, trigger out-of-bounds write and execute arbitrary code on the target system.

40) Stack-based buffer overflow (CVE-ID: CVE-2022-25308)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

41) Heap-based buffer overflow (CVE-ID: CVE-2022-25309)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in fribidi_cap_rtl_to_unicode. A remote attacker can pass specially crafted data to the application, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

42) Input validation error (CVE-ID: CVE-2022-25310)

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to improper handling of empty input when removing marks from unicode strings. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the target system.

43) Out-of-bounds write (CVE-ID: CVE-2022-27404)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in the "sfnt_init_face" function. A remote attacker can trigger out-of-bounds write and execute arbitrary code on the target system.

44) Out-of-bounds read (CVE-ID: CVE-2022-27405)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in the "FNT_Size_Request" function. A remote attacker can trigger out-of-bounds read error and cause a denial of service condition on the system.

45) Out-of-bounds read (CVE-ID: CVE-2022-27406)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in the "FT_Request_Size" function. A remote attacker can trigger out-of-bounds read error and cause a denial of service condition on the system.

46) Reachable Assertion (CVE-ID: CVE-2022-35935)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion in SobolSample. A remote attacker can cause a denial of service condition on the target system.

47) Reachable Assertion (CVE-ID: CVE-2022-35991)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion in "TensorListScatter" and "TensorListScatterV2" in eager mode. A remote attacker can cause a denial of service condition on the target system.

Remediation

Install update from vendor's website.

References

https://www.ibm.com/support/pages/node/6921283

SB2024022105 - Multiple vulnerabilities in IBM Robotic Process Automation for Cloud Pak

Breakdown by Severity

Description

Remediation

References

Please verify you're human