SB2024100418 - Multiple vulnerabilities in IBM Watson CP4D Data Stores 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2024100418

SB2024100418 - Multiple vulnerabilities in IBM Watson CP4D Data Stores

Published: October 4, 2024

Security Bulletin ID SB2024100418
Severity
Medium
Patch available
YES
Number of vulnerabilities 12
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 12 secuirty vulnerabilities.


1) Inconsistency between implementation and documented design (CVE-ID: CVE-2023-30590)

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to inconsistency between implementation and documented design within the generateKeys() API function. The documented behavior is different from the actual behavior, and this difference could lead to security issues in applications that use these APIs as the DiffieHellman may be used as the basis for application-level security.


2) Resource exhaustion (CVE-ID: CVE-2023-39325)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to excessive consumption of internal resources when handling HTTP/2 requests. A remote attacker can bypass the http2.Server.MaxConcurrentStreams setting by creating new connections while the current connections are still being processed, trigger resource exhaustion and perform a denial of service (DoS) attack.


3) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2023-46324)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to pkg/suci/suci.go in free5GC udm may compute a shared secret via an uncompressed public key that has not been validated. A remote attacker can send arbitrary SUCIs to the UDM to gain unauthorized access to sensitive information on the system.


4) Infinite loop (CVE-ID: CVE-2023-24537)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop when calling any of the Parse functions on Go source code which contains //line directives with very large line numbers. A remote attacker can consume all available system resources and cause denial of service conditions.


5) Deserialization of Untrusted Data (CVE-ID: CVE-2022-28948)

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to insecure input validation when processing serialized data in the Unmarshal function. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.


6) Input validation error (CVE-ID: CVE-2023-32067)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when processing DNS responses. A remote attacker can send a specially crafted DNS response to the application and perform a denial of service (DoS) attack.


7) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2023-30589)

The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.

The vulnerability exists due to improper validation of HTTP requests in the llhttp parser. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.

Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.


8) Input validation error (CVE-ID: CVE-2023-30588)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied public key within the crypto.X509Certificate() API. A remote user can pass an invalid public key to the application and perform a denial of service (DoS) attack.


9) Incorrect Regular Expression (CVE-ID: CVE-2023-24807)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation when user-supplied input within the `Headers.set()` and `Headers.append()` methods. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.


10) HTTP response splitting (CVE-ID: CVE-2023-23936)

The vulnerability allows a remote attacker to perform HTTP splitting attacks.

The vulnerability exists due to software does not correctly process CRLF character sequences when handling HTTP "Host" header. A remote attacker can send specially crafted request containing CRLF sequence and make the application to send a split HTTP response.

Successful exploitation of the vulnerability may allow an attacker perform cache poisoning attack.


11) Resource exhaustion (CVE-ID: CVE-2022-48564)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability occurs when processing malformed Apple Property List files in binary format. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.


12) Use of insufficiently random values (CVE-ID: CVE-2022-35255)

The vulnerability allows a remote attacker to decrypt sensitive information.

The vulnerability exists due to usage of weak randomness in WebCrypto keygen within the SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. A remote attacker can decrypt sensitive information.


Remediation

Install update from vendor's website.

References