Multiple vulnerabilities in IBM Cloud Pak for Business Automation



Risk: High

Patch available: YES

Number of vulnerabilities: 15

CVE-ID: CVE-2012-0881, CVE-2023-6481, CVE-2020-14338, CVE-2023-5752, CVE-2023-34055, CVE-2020-10683, CVE-2017-5644, CVE-2017-12626, CVE-2022-23437, CVE-2009-2625, CVE-2021-23926, CVE-2018-1000632, CVE-2022-48339, CVE-2022-48337, CVE-2023-6378

CWE-ID: CWE-20, CWE-400, CWE-77, CWE-749, CWE-776, CWE-835, CWE-611, CWE-78, CWE-502

Exploitation vector: Network

Public exploit: Public exploit code for vulnerability #12 is available.

Vulnerable software: IBM Cloud Pak for Business Automation (Server applications / Other server solutions)

Vendor: IBM Corporation

Security Bulletin

This security bulletin contains information about 15 vulnerabilities.

1) Improper input validation

EUVDB-ID: #VU55416

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2012-0881

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the UI Infrastructure (Apache Xerces2 Java Parser) component in Oracle Transportation Management. A remote non-authenticated attacker can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Business Automation: before 21.0.3.28

External links

http://www.ibm.com/support/pages/node/7108592

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Resource exhaustion

EUVDB-ID: #VU85848

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-6481

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists because the application does not properly control consumption of internal resources in the logback receiver component. A remote attacker can send poisoned data, trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Business Automation: before 21.0.3.28

External links

http://www.ibm.com/support/pages/node/7108592

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Input validation error

EUVDB-ID: #VU86824

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-14338

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists in Wildfly's implementation of Xerces, specifically in the way the XMLSchemaValidator class in the JAXP component of Wildfly enforced the "use-grammar-pool-only" feature. A remote attacker can pass a specially crafted XML file to the application and manipulate the validation process in certain cases.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Business Automation: before 21.0.3.28

External links

http://www.ibm.com/support/pages/node/7108592

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Command Injection

EUVDB-ID: #VU84849

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-5752

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper input validation when installing a package from a Mercurial VCS URL (i.e. "pip install hg+...") with pip. A remote attacker who controls the repository can use the specified Mercurial revision to inject arbitrary configuration options into the "hg clone" call (i.e. "--config").

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Business Automation: before 21.0.3.28

External links

http://www.ibm.com/support/pages/node/7108592

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Input validation error

EUVDB-ID: #VU83581

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-34055

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in Web Observations. A remote attacker can send specially crafted HTTP requests to the application and perform a denial of service (DoS) attack.

Successful exploitation of the vulnerability requires that the application uses Spring MVC or Spring WebFlux and that org.springframework.boot:spring-boot-actuator is on the classpath.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Business Automation: before 21.0.3.28

External links

http://www.ibm.com/support/pages/node/7108592

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Exposed dangerous method or function

EUVDB-ID: #VU28238

Risk: Medium

CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-10683

CWE-ID: CWE-749 - Exposed Dangerous Method or Function

Exploit availability: No

Description

The vulnerability allows a remote attacker to abuse implemented functionality.

The vulnerability exists because dom4j allows external DTDs and external entities by default. A remote attacker can abuse this functionality and perform an XXE attack against an application that uses the default dom4j configuration.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Business Automation: before 21.0.3.28

External links

http://www.ibm.com/support/pages/node/7108592

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) XML Entity Expansion

EUVDB-ID: #VU86355

Risk: Low

CVSSv3.1: 4.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-5644

CWE-ID: CWE-776 - Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service attack.

The vulnerability exists due to insufficient validation of user-supplied XML input. A local user can pass a specially crafted OOXML file to the affected application and perform a denial of service attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Business Automation: before 21.0.3.28

External links

http://www.ibm.com/support/pages/node/7108592

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Infinite loop

EUVDB-ID: #VU12842

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-12626

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to infinite loops while parsing specially crafted WMF, EMF, MSG and macros, and out-of-memory exceptions while parsing specially crafted DOC, PPT and XLS. A remote attacker can cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Business Automation: before 21.0.3.28

External links

http://www.ibm.com/support/pages/node/7108592

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Infinite loop

EUVDB-ID: #VU59965

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-23437

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop when parsing XML documents. A remote attacker can supply a specially crafted XML document, consume all available system resources and cause denial of service conditions.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Business Automation: before 21.0.3.28

External links

http://www.ibm.com/support/pages/node/7108592

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Infinite loop

EUVDB-ID: #VU86821

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2009-2625

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop. A remote attacker can send malformed XML input to the application, consume all available system resources and cause denial of service conditions.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Business Automation: before 21.0.3.28

External links

http://www.ibm.com/support/pages/node/7108592

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) XML Entity Expansion

EUVDB-ID: #VU49517

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-23926

CWE-ID: CWE-776 - Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper input validation when processing XML data. A remote attacker can pass specially crafted XML data to the application and perform XML Entity Expansion attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Business Automation: before 21.0.3.28

External links

http://www.ibm.com/support/pages/node/7108592

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) XXE attack

EUVDB-ID: #VU14515

Risk: Low

CVSSv3.1: 4.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-1000632

CWE-ID: CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

Exploit availability: No

Description

The vulnerability allows a remote attacker to conduct an XXE attack on the target system.

The vulnerability exists due to improper sanitization of element and attribute names in XML documents. A remote attacker can trick the victim into opening a specially crafted XML document that submits malicious input, perform an XXE attack and bypass security restrictions to access and modify sensitive information on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Business Automation: before 21.0.3.28

External links

http://www.ibm.com/support/pages/node/7108592

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

13) OS Command Injection

EUVDB-ID: #VU72575

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48339

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation within the hfy-istext-command() function when parsing the "file" and "srcdir" parameters, if a file name or directory name contains a shell metacharacter. A remote attacker can execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Business Automation: before 21.0.3.28

External links

http://www.ibm.com/support/pages/node/7108592

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) OS Command Injection

EUVDB-ID: #VU72573

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48337

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation when parsing the name of a source-code file in lib-src/etags.c. A remote attacker can trick the victim into using the "etags -u *" command on a directory with attacker-controlled content and execute arbitrary OS commands on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Business Automation: before 21.0.3.28

External links

http://www.ibm.com/support/pages/node/7108592

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Deserialization of Untrusted Data

EUVDB-ID: #VU85618

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-6378

CWE-ID: CWE-502 - Deserialization of Untrusted Data

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insecure input validation when processing serialized data in the logback receiver component. A remote attacker can pass specially crafted data to the application and cause a denial of service condition on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak for Business Automation: before 21.0.3.28

External links

http://www.ibm.com/support/pages/node/7108592

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


