SB2025032421 - Multiple vulnerabilities in HPE Unified OSS Console Assurance Monitoring (UOCAM)
Published: March 24, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 8 secuirty vulnerabilities.
1) Resource exhaustion (CVE-ID: CVE-2021-44906)
The vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.
2) Resource exhaustion (CVE-ID: CVE-2024-28176)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources in the JSON Web Encryption (JWE) decryption interfaces. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
3) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2023-42282)
The disclosed vulnerability allows a remote attacker to perform SSRF attacks.
The vulnerability exists due to insufficient validation of user-supplied input within the isPublic() function. A remote attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems.
Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system.
4) Information disclosure (CVE-ID: CVE-2024-28849)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to credentials are shared via headers when following cross-domain redirects. A remote attacker can gain access to sensitive information.
5) Resource exhaustion (CVE-ID: CVE-2023-51775)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can trigger resource exhaustion via large p2c (aka PBES2 Count) value and perform a denial of service (DoS) attack.
6) Deserialization of Untrusted Data (CVE-ID: CVE-2023-6378)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insecure input validation when processing serialized data in logback receiver component. A remote attacker can pass specially crafted data to the application and cause a denial of service condition on the target system.
7) Improper access control (CVE-ID: CVE-2024-22257)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions when the "AuthenticatedVoter#vote" passing a "null" Authentication parameter. A remote attacker can bypass implemented security restrictions and gain unauthorized access to the application.
8) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2024-22259)
The disclosed vulnerability allows a remote attacker to perform SSRF attacks.
The vulnerability exists due to insufficient validation of user-supplied input when parsing URL with the UriComponentsBuilder component. A remote attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems.
Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system.
Remediation
Install update from vendor's website.
References
- https://github.com/Marynk/JavaScript-vulnerability-detection/blob/main/minimist%20PoC.zip
- https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
- https://stackoverflow.com/questions/8588563/adding-custom-properties-to-a-function/20278068#20278068
- https://github.com/substack/minimist/issues/164
- https://github.com/substack/minimist/blob/master/index.js#L69
- https://github.com/panva/jose/security/advisories/GHSA-hhhv-q57g-882q
- https://github.com/panva/jose/commit/02a65794f7873cdaf12e81e80ad076fcdc4a9314
- https://github.com/panva/jose/commit/1b91d88d2f8233f3477a5f4579aa5f8057b2ee8b
- https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html
- https://github.com/follow-redirects/follow-redirects/commit/c4f847f85176991f95ab9c88af63b1294de8649b
- https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp
- https://github.com/psf/requests/issues/1885
- https://hackerone.com/reports/2390009
- https://bugzilla.redhat.com/show_bug.cgi?id=2269576
- https://bitbucket.org/b_c/jose4j/issues/212
- https://logback.qos.ch/news.html#1.3.12
- https://spring.io/security/cve-2024-22257
- https://spring.io/security/cve-2024-22259