Security Bulletin
Summary
IBM Tealeaf CX Passive Capture Application is vulnerable to a remotely exploitable OS command injection flaw and a local file inclusion (arbitrary file download) flaw in its web console. These vulnerabilities may be exploited to compromise the host system.
Vulnerability Details
Two vulnerabilities were found in the IBM Tealeaf CX Passive Capture Application (PCA) web console (PHP), Builds 3611 and 3620:
RCE vulnerability (OS command injection): an authenticated, non-root console user can replace a command-line parameter with a string containing additional shell commands, and the console runs them. The PHP code runs as a non-root user, so the injected commands execute with that account's privileges only: root-owned resources are out of reach, but anything the web console account can read, write or connect to is exposed. IBM assesses the operations available at this level as very limited and non-critical.
Access to the PCA web console is required to reach either vulnerability (both CVSS vectors carry Au:S, single authentication). If login authentication is enabled, an attacker must first obtain valid credentials or bypass the login before the affected parameters can be found or exploited; if it is disabled, anyone with network reach to the console can exploit them directly. The PCA web console is not an externally exposed web application. It is primarily an IT management console used only by IT staff, and possibly by the IBM Tealeaf Administrator managing their networks.
LFI vulnerability: the console's file-download function, intended for files needed for customer support (for example, log files), accepts a caller-controlled path and will return files outside the intended set. Although the bulletin labels this LFI, the behaviour described is an arbitrary file read via path traversal: the file is downloaded, not executed. Because the PHP code runs as a non-root user, root-only files cannot be retrieved; files readable by that account can. On that basis IBM rates the impact of this vulnerability as minimal.
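The two weak patterns the bulletin describes, each beside a hardened form, as an added PHP illustration. This is not IBM's code and does not reproduce the PCA console; the tool allowlist, the log directory, the sample file and all function names are assumptions made for the example, and `foo; id` is the generic textbook injection value, not an observed exploit against PCA.

```php
<?php
// Added illustration, not IBM Tealeaf code: a request parameter spliced into a
// shell command, and a request parameter used as a file path for support
// downloads, each beside a hardened form. Names, paths and the allowed-command
// table are assumptions for this example.

declare(strict_types=1);

// --- OS command injection ---------------------------------------------------

// Vulnerable pattern: the parameter is concatenated into the command line, so a
// value such as "foo; id" runs a second command as the web server user.
function run_tool_unsafe(string $param): string
{
    return (string) shell_exec("/usr/bin/ls " . $param);
}

// Hardened: the operator picks a tool from a fixed allowlist and the argument
// goes through escapeshellarg(), which single-quotes it so the shell sees one
// literal word regardless of ';', '|', '$(...)' or quotes inside it.
const ALLOWED_TOOLS = [
    'list' => '/bin/ls',
    'tail' => '/usr/bin/tail',
];

function build_tool_command(string $tool, string $arg): string
{
    if (!array_key_exists($tool, ALLOWED_TOOLS)) {
        throw new InvalidArgumentException("unknown tool: $tool");
    }
    return ALLOWED_TOOLS[$tool] . ' ' . escapeshellarg($arg);
}

// --- Path traversal in a file download -------------------------------------

// Vulnerable pattern: the caller controls the whole relative path, so
// "../../etc/passwd" walks out of the log directory.
function download_path_unsafe(string $base, string $name): string
{
    return $base . '/' . $name;
}

// Hardened: resolve both paths and require the result to stay inside $base.
// realpath() collapses '..' and symlinks and returns false for missing files,
// so a traversal attempt or a non-existent file is rejected, not served.
function resolve_download_path(string $base, string $name): ?string
{
    $root = realpath($base);
    $target = realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($root === false || $target === false) {
        return null;
    }
    // Compare with a trailing separator so "/var/log/pca2" is not accepted as
    // a child of "/var/log/pca".
    $rootPrefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($target, $rootPrefix, strlen($rootPrefix)) !== 0) {
        return null;
    }
    return $target;
}

// Self-check when run from the CLI (php hardening_example.php). The log
// directory and the sample file are constructed here for the demonstration.
if (PHP_SAPI === 'cli') {
    $injected = 'foo; id';
    echo "unsafe : /usr/bin/ls $injected\n";
    echo "safe   : " . build_tool_command('list', $injected) . "\n"; // /bin/ls 'foo; id'

    $base = sys_get_temp_dir() . '/pca_logs_' . getmypid();
    mkdir($base, 0700);
    file_put_contents("$base/capture.log", "sample log line (constructed)\n");

    var_dump(resolve_download_path($base, 'capture.log') !== null); // bool(true)
    var_dump(resolve_download_path($base, '../../etc/passwd'));       // NULL
    var_dump(resolve_download_path($base, 'missing.log'));            // NULL

    unlink("$base/capture.log");
    rmdir($base);
}
```

The allowlist is the important half of the command fix: `escapeshellarg()` only protects the one argument it wraps, and on Windows it quotes differently (double quotes, with `%` and `!` replaced), so it must never be the only control. For the download path, checking the resolved path against the resolved base directory is what defeats traversal; string-stripping `..` from the input is not enough because URL-encoded and symlinked variants bypass it.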
There are patches available for IBM Tealeaf CX Passive Capture Application Builds 3611 and 3620 to resolve these security vulnerabilities.
CVEID: CVE-2013-6719
Description: Remote OS command injection.
CVSS Base Score: 6.0
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/89228 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:P)
CVEID: CVE-2013-6720
Description: Local File Inclusion.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/89229 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N)
Affected Products and Versions
IBM Tealeaf Customer Experience v8.0-v8.8
Remediation/Fixes
Product | VRMF | Remediation/First Fix |
IBM Tealeaf Customer Experience | 8.8 | https://www.ibm.com/support/entry/portal/search_results?sn=spe&filter=keywords:ibmsupportfixcentralsearch&q=8.8_IBMTealeaf_PCA-3625-4_SecurityRollup_FixPack |
IBM Tealeaf Customer Experience | 8.7 | https://www.ibm.com/support/entry/portal/search_results?sn=spe&filter=keywords:ibmsupportfixcentralsearch&q=8.7_IBMTealeaf_PCA-3615-4_SecurityRollup_FixPack |
IBM Tealeaf Customer Experience | 8.6 and earlier | You can contact the Technical Support team for guidance. |
Workarounds and Mitigations
None.
References
IBM Tealeaf CX Passive Capture Application 3620 Manual
IBM Tealeaf CX Passive Capture Application 3611 Release Notes
IBM Tealeaf CX Passive Capture Application 3611 Manual
Acknowledgement
These vulnerabilities were reported to IBM by Bryan Alexander of Coalfire Labs.
Change History
10 June 2016: Update Fix Central links
03 February 2014: Original publish date
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Document Information
Modified date: 16 June 2018
UID: swg21667630