Multiple vulnerabilities in IBM Watson CP4D Data Stores



Published: 2024-10-04
Risk Medium
Patch available YES
Number of vulnerabilities 12
CVE-ID CVE-2023-30590
CVE-2023-39325
CVE-2023-46324
CVE-2023-24537
CVE-2022-28948
CVE-2023-32067
CVE-2023-30589
CVE-2023-30588
CVE-2023-24807
CVE-2023-23936
CVE-2022-48564
CVE-2022-35255
CWE-ID CWE-1068
CWE-400
CWE-347
CWE-835
CWE-502
CWE-20
CWE-444
CWE-185
CWE-113
CWE-330
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		Watson CP4D Data Stores
Other software / Other software solutions

Vendor IBM Corporation

Security Bulletin

This security bulletin contains information about 12 vulnerabilities.

1) Inconsistency between implementation and documented design

EUVDB-ID: #VU77606

Risk: Medium

CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-30590

CWE-ID: CWE-1068 - Inconsistency Between Implementation and Documented Design

Exploit availability: No

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to inconsistency between implementation and documented design within the generateKeys() API function. The documented behavior is different from the actual behavior, and this difference could lead to security issues in applications that use these APIs as the DiffieHellman may be used as the basis for application-level security.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Watson CP4D Data Stores: before 5.0.3

CPE2.3
External links

http://www.ibm.com/support/pages/node/7171993


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Resource exhaustion

EUVDB-ID: #VU82064

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-39325

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to excessive consumption of internal resources when handling HTTP/2 requests. A remote attacker can bypass the http2.Server.MaxConcurrentStreams setting by creating new connections while the current connections are still being processed, trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Watson CP4D Data Stores: before 5.0.3

CPE2.3
External links

http://www.ibm.com/support/pages/node/7171993


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper Verification of Cryptographic Signature

EUVDB-ID: #VU95524

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-46324

CWE-ID: CWE-347 - Improper Verification of Cryptographic Signature

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to pkg/suci/suci.go in free5GC udm may compute a shared secret via an uncompressed public key that has not been validated. A remote attacker can send arbitrary SUCIs to the UDM to gain unauthorized access to sensitive information on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Watson CP4D Data Stores: before 5.0.3

CPE2.3
External links

http://www.ibm.com/support/pages/node/7171993


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Infinite loop

EUVDB-ID: #VU74573

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-24537

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop when calling any of the Parse functions on Go source code which contains //line directives with very large line numbers. A remote attacker can consume all available system resources and cause denial of service conditions.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Watson CP4D Data Stores: before 5.0.3

CPE2.3
External links

http://www.ibm.com/support/pages/node/7171993


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Deserialization of Untrusted Data

EUVDB-ID: #VU64275

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-28948

CWE-ID: CWE-502 - Deserialization of Untrusted Data

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to insecure input validation when processing serialized data in the Unmarshal function. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Watson CP4D Data Stores: before 5.0.3

CPE2.3
External links

http://www.ibm.com/support/pages/node/7171993


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Input validation error

EUVDB-ID: #VU76422

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-32067

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when processing DNS responses. A remote attacker can send a specially crafted DNS response to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Watson CP4D Data Stores: before 5.0.3

CPE2.3
External links

http://www.ibm.com/support/pages/node/7171993


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Inconsistent interpretation of HTTP requests

EUVDB-ID: #VU77605

Risk: Medium

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-30589

CWE-ID: CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.

The vulnerability exists due to improper validation of HTTP requests in the llhttp parser. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.

Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Watson CP4D Data Stores: before 5.0.3

CPE2.3
External links

http://www.ibm.com/support/pages/node/7171993


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Input validation error

EUVDB-ID: #VU77604

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-30588

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied public key within the crypto.X509Certificate() API. A remote user can pass an invalid public key to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Watson CP4D Data Stores: before 5.0.3

CPE2.3
External links

http://www.ibm.com/support/pages/node/7171993


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Incorrect Regular Expression

EUVDB-ID: #VU72404

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-24807

CWE-ID: CWE-185 - Incorrect Regular Expression

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation when user-supplied input within the `Headers.set()` and `Headers.append()` methods. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Watson CP4D Data Stores: before 5.0.3

CPE2.3
External links

http://www.ibm.com/support/pages/node/7171993


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) HTTP response splitting

EUVDB-ID: #VU72403

Risk: Medium

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-23936

CWE-ID: CWE-113 - Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform HTTP splitting attacks.

The vulnerability exists due to software does not correctly process CRLF character sequences when handling HTTP "Host" header. A remote attacker can send specially crafted request containing CRLF sequence and make the application to send a split HTTP response.

Successful exploitation of the vulnerability may allow an attacker perform cache poisoning attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Watson CP4D Data Stores: before 5.0.3

CPE2.3
External links

http://www.ibm.com/support/pages/node/7171993


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Resource exhaustion

EUVDB-ID: #VU82077

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48564

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability occurs when processing malformed Apple Property List files in binary format. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Watson CP4D Data Stores: before 5.0.3

CPE2.3
External links

http://www.ibm.com/support/pages/node/7171993


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Use of insufficiently random values

EUVDB-ID: #VU67849

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-35255

CWE-ID: CWE-330 - Use of Insufficiently Random Values

Exploit availability: No

Description

The vulnerability allows a remote attacker to decrypt sensitive information.

The vulnerability exists due to usage of weak randomness in WebCrypto keygen within the SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. A remote attacker can decrypt sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Watson CP4D Data Stores: before 5.0.3

CPE2.3
External links

http://www.ibm.com/support/pages/node/7171993


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###