SB2024022911 - Multiple vulnerabilities in IBM Cloud Pak for AIOps

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2024022911

SB2024022911 - Multiple vulnerabilities in IBM Cloud Pak for AIOps

Published: February 29, 2024 Updated: November 29, 2024

Security Bulletin ID SB2024022911
Severity
High
Patch available
YES
Number of vulnerabilities 16
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 25% Medium 56% Low 19%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 16 secuirty vulnerabilities.


1) Path traversal (CVE-ID: CVE-2023-41105)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.


2) Covert timing channel (CVE-ID: CVE-2023-5388)

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to insufficient fix for #VU84108 (CVE-2023-4421). A remote attacker can perform Marvin attack and gain access to sensitive information.


3) Resource exhaustion (CVE-ID: CVE-2023-49568)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources when handling responses from a Git server. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.


4) Security features bypass (CVE-ID: CVE-2024-21626)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to an internal file descriptor leak that can cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace or a malicious image to allow a container process to gain access to the host filesystem through runc run. A remote attacker can trick the victim into loading a malicious image to bypass sandbox restrictions and execute arbitrary code on the host OS.


5) Reachable Assertion (CVE-ID: CVE-2024-0567)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion when verifying a certificate chain with a cycle of cross signatures. A remote attacker can pass a specially crafted certificate to the application and perform a denial of service (DoS) attack.


6) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2024-23829)

The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.

The vulnerability exists due to improper validation of HTTP requests. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.

Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.


7) Path traversal (CVE-ID: CVE-2024-23334)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in aiohttp.web.static(follow_symlinks=True). A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.

Request examples:

For windows: /static/../D:\flag.txt Poc

For Linux: /static/../../../../etc/passwd



8) Buffer overflow (CVE-ID: CVE-2023-22745)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in "Tss2_RC_SetHandler" and "Tss2_RC_Decode". A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


9) Incorrect Regular Expression (CVE-ID: CVE-2022-25883)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation when processing regular expressions. A remote attacker can pass specially crafted data to the application via the new Range function and perform regular expression denial of service (ReDos) attack.


10) Improper input validation (CVE-ID: CVE-2024-20945)

The vulnerability allows a local authenticated user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Security component in Oracle GraalVM Enterprise Edition. A local authenticated user can exploit this vulnerability to gain access to sensitive information.


11) Improper input validation (CVE-ID: CVE-2024-20921)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.


12) Improper input validation (CVE-ID: CVE-2024-20919)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.


13) Out-of-bounds write (CVE-ID: CVE-2023-4016)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when processing untrusted input. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.


14) Race condition (CVE-ID: CVE-2024-23651)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a race condition. A remote attacker can exploit the race and cause the files from the host system being accessible to the build container.


15) Improper Check for Unusual or Exceptional Conditions (CVE-ID: CVE-2024-23650)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling. A remote attacker can send specially crafted data to the application and perform a denial of service (DoS) attack.


16) Information disclosure (CVE-ID: CVE-2023-4641)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to an error in gpasswd(1), which fails to clean memory properly. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. A local user with enough access can retrieve the password from the memory.


Remediation

Install update from vendor's website.

References