Multiple vulnerabilities in IBM Cloud Pak System



Published: 2024-08-27
Risk Medium
Patch available YES
Number of vulnerabilities 6
CVE-ID CVE-2023-4806
CVE-2023-34968
CVE-2022-1615
CVE-2023-4911
CVE-2022-32746
CVE-2023-34967
CWE-ID CWE-416
CWE-200
CWE-330
CWE-119
CWE-843
Exploitation vector Network
Public exploit Vulnerability #4 is being exploited in the wild.
Vulnerable software
Subscribe 		IBM Cloud Pak System
Server applications / Server solutions for antivurus protection

Vendor IBM Corporation

Security Bulletin

This security bulletin contains information about 6 vulnerabilities.

1) Use-after-free

EUVDB-ID: #VU81447

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-4806

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows an attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the getaddrinfo() function. A remote attacker can perform a denial of service (DoS) attack.


Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak System: before 2.3.4.0

External links

http://www.ibm.com/support/pages/node/7148477


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Information disclosure

EUVDB-ID: #VU78576

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-34968

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A remote attacker can send a specially crafted RPC request to the server and obtain real server-side share path.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak System: before 2.3.4.0

External links

http://www.ibm.com/support/pages/node/7148477


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use of insufficiently random values

EUVDB-ID: #VU67270

Risk: Low

CVSSv3.1: 3.1 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-1615

CWE-ID: CWE-330 - Use of Insufficiently Random Values

Exploit availability: No

Description

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to usage of predictable random values within the GnuTLS gnutls_rnd() function. A remote user can decrypt sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak System: before 2.3.4.0

External links

http://www.ibm.com/support/pages/node/7148477


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Buffer overflow

EUVDB-ID: #VU81437

Risk: Low

CVSSv3.1: 8.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2023-4911

CWE-ID: CWE-119 - Memory corruption

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient validation of GLIBC_TUNABLES environment variable. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak System: before 2.3.4.0

External links

http://www.ibm.com/support/pages/node/7148477


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

5) Use-after-free

EUVDB-ID: #VU65827

Risk: Low

CVSSv3.1: 2.1 [CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-32746

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error when handling LDAP requests. A remote user with ability to edit privileged properties, such as userAccountControl, can send a specially crafted LDAP request to the server, trigger a use-after-free error and perform a denial of service (DoS) attack.


Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak System: before 2.3.4.0

External links

http://www.ibm.com/support/pages/node/7148477


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Type Confusion

EUVDB-ID: #VU78575

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-34967

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a type confusion error when parsing Spotlight mdssvc RPC packets. A remote attacker can send specially crafted data to the server, trigger a type confusion error and crash the server.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Pak System: before 2.3.4.0

External links

http://www.ibm.com/support/pages/node/7148477


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###