SB2024081626 - Multiple vulnerabilities in IBM Spectrum Control

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2024081626

SB2024081626 - Multiple vulnerabilities in IBM Spectrum Control

Published: August 16, 2024

Security Bulletin ID SB2024081626
Severity
Medium
Patch available
YES
Number of vulnerabilities 7
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 86% Low 14%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 7 secuirty vulnerabilities.


1) Reachable Assertion (CVE-ID: CVE-2024-27983)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion when handling HTTP/2 packets. A remote attacker can send a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside and perform a denial of service (DoS) attack.


2) Input validation error (CVE-ID: CVE-2024-22019)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when processing HTTP requests with chunked encoding. A remote attacker can send specially crafted HTTP request to the server and perform a denial of service (DoS) attack.


3) Input validation error (CVE-ID: CVE-2024-22025)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when handling brotli decoding. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.


4) Covert Timing Channel (CVE-ID: CVE-2023-46809)

The vulnerability allows a remote attacker to perform Marvin attack.

The vulnerability exists due to a covert timing channel in the privateDecrypt() API of the crypto library. A remote attacker can perform a covert timing side-channel during PKCS#1 v1.5 padding error handling and decrypt captured RSA ciphertexts or forge signatures, especially in scenarios involving API endpoints processing Json Web Encryption messages.


5) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2024-27982)

The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.

The vulnerability exists due to improper validation of HTTP requests. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.

Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.


6) Command Injection (CVE-ID: CVE-2024-27980)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper handling of batch files in child_process.spawn / child_process.spawnSync. An attacker can inject a malicious command line argument and achieve code execution even if the shell option is not enabled.


7) Improper handling of exceptional conditions (CVE-ID: CVE-2024-21892)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to the way certain environment variables are handled by Node.js on Linux. A local user can use a specially crafted environment variable to escalate privileges on the system.


Remediation

Install update from vendor's website.

References