SB2024120521 - Multiple vulnerabilities in IBM App Connect Enterprise Certified Container

Description

This security bulletin contains information about 18 secuirty vulnerabilities.

1) Type Confusion (CVE-ID: CVE-2024-6119)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a type confusion error when performing certificate name checks. A remote attacker can supply a specially crafted X.509 certificate to the server, trigger a type confusion error and perform a denial of service (DoS) attack.

2) Improper input validation (CVE-ID: CVE-2024-21235)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.

3) Improper input validation (CVE-ID: CVE-2024-21217)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The vulnerability exists due to improper input validation within the Serialization component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.

4) Improper input validation (CVE-ID: CVE-2024-21210)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The vulnerability exists due to improper input validation within the Hotspot component in Oracle Java SE. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.

5) Improper input validation (CVE-ID: CVE-2024-21208)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The vulnerability exists due to improper input validation within the Networking component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.

6) Infinite loop (CVE-ID: CVE-2024-8088)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the the CPython "zipfile" module affecting "zipfile.Path". A remote attacker can consume all available system resources and cause denial of service conditions.

7) Command Injection (CVE-ID: CVE-2024-6923)

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to insufficient validation of newlines for email headers when serializing an email message. A remote attacker can inject arbitrary headers into serialized email messages.

8) Untrusted search path (CVE-ID: CVE-2024-6655)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to usage of an untrusted search path. A local user can place a malicious binary into a current working directory and execute arbitrary code with escalated privileges.

9) Incorrect Regular Expression (CVE-ID: CVE-2024-6232)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of .tar archives when processing it with regular expressions. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.

10) Integer overflow (CVE-ID: CVE-2024-45492)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow within the nextScaffoldPart() function in xmlparse.c. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

11) Integer overflow (CVE-ID: CVE-2024-45491)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow within the dtdCopy() function in xmlparse.c. A remote attacker can pass specially crafted input to the application, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

12) Buffer Underwrite ('Buffer Underflow') (CVE-ID: CVE-2024-45490)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a boundary error in xmlparse.c when handling negative length for XML_ParseBuffer. A remote attacker can pass specially crafted input to the application, trigger buffer underflow and execute arbitrary code on the system.

13) Incorrect provision of specified functionality (CVE-ID: CVE-2024-4032)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists within the "ipaddress" module that contains incorrect information and private and public IP addresses for IPv4 and IPv6 protocols. This affects the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes. A remote attacker can bypass implemented security restrictions based on IP addresses or perform other actions, depending on the application's capabilities.

14) Insufficient verification of data authenticity (CVE-ID: CVE-2024-34397)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to missing authorization for D-Bus signals. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service.

15) Resource exhaustion (CVE-ID: CVE-2024-28863)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources while parsing a tar file. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

16) Infinite loop (CVE-ID: CVE-2024-24786)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop when parsing data in an invalid JSON format within the protojson.Unmarshal() function. A remote attacker can consume all available system resources and cause denial of service conditions.

17) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2024-22020)

The disclosed vulnerability allows a remote user to perform SSRF attacks.

The vulnerability exists due to insufficient validation of user-supplied input when handling non-network imports in data URLs. A remote user can bypass network import restrictions and execute arbitrary code.

18) Resource exhaustion (CVE-ID: CVE-2024-0450)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the zipfile module does not properly control consumption of internal resources when extracting files from a zip archive. A remote attacker can pass a specially crafted archive aka zip-bomb to the application, trigger resource exhaustion and perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://www.ibm.com/support/pages/node/7177817