IBM Support

Security Bulletin: IBM Spectrum Discover is vulnerable to multiple vulnerabilities

Security Bulletin


Summary

IBM has addressed multiple vulnerabilities in IBM Spectrum Discover. Webpack loader-utils [CVE-2022-37601] is vulnerable to execute arbitrary code on the system caused by a pollution flaw in parseQuery function. OpenStack Keystone [CVE-2021-3563] is vulnerable to bypass security restriction attack caused by an issue in application secret. UltraJSON ujson [CVE-2022-31117, CVE-2022-31116] is vulnerable to a denial of service attacks caused by an improper handling for characters and a double free flaw while reallocating the buffer. Moment [CVE-2022-31129, CVE-2022-24785] is vulnerable to a denial of service and to traverse directories on the system, caused by inefficient regular expression complexity and by improper validation of user supplied input. Node.js dicer module [CVE-2022-24434] is vulnerable to a denial of service by sending a specially-crafted form to server. Python [CVE-2022-45061, CVE-2020-10735] is vulnerable to a denial of service, caused by an unnecessary quadratic algorithm exists in one path when processing some inputs and by the failure to limit amount of digits converting text to int by the int() type in PyLong_FromString(). Python Charmers Future [CVE-2022-40899] is vulnerable to a denial of service, caused by improper input validation. Auth0 jsonwebtoken [CVE-2022-23541, CVE-2022-23539, CVE-2022-23529, CVE-2022-23540] is vulnerable to bypass security restrictions and to execute arbitrary code on the system, caused by an insecure implementation and improper input validations. Python cryptography use OpenSSL [CVE-2023-0286] is vulnerable to a denial of service, caused by a type confusion error related to X.400 address processing inside an X.509 GeneralName. decode-uri-component [CVE-2022-38900] is vulnerable to a denial of service, caused by improper input validation by the decodeComponents function. QS Express.js [CVE-2022-24999] is vulnerable to a denial of service, caused by a prototype pollution flaw in qs. Werkzeug [CVE-2023-25577, CVE-2023-23934] is vulnerable to bypass security restrictions, is vulnerable to a denial of service and is vulnerable to HTTP request smuggling, caused by improper input validation, by a flaw when parsing multipart form data with many fields and by improper parsing of HTTP requests. Node.js node-fetch module [CVE-2022-2596] is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the isOriginPotentiallyTrustworthy() function in the referrer.js script. Flask [CVE-2023-30861] is vulnerable to obtain sensitive information, caused by missing Vary: Cookie header. JSON5 [CVE-2022-46175] is vulnerable to execute arbitrary code on the system, caused by a prototype pollution flaw in the parse method. Python Packaging Authority (PyPA) Wheel [CVE-2022-40898] is vulnerable to a denial of service, caused by incorrect use of WHEEL_INFO_RE regular expression to cause a denial of service. PyJWT [CVE-2022-29217] is vulnerable to bypass security restrictions, caused by the key confusion through non-blocklisted public key formats. Zlib [CVE-2018-25032] is vulnerable to a denial of service, caused by a memory corruption in the deflate operation. pytest-dev py [CVE-2022-42969] is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw by the InfoSvnCommand argument. Protobuf [CVE-2022-1941] is vulnerable to a denial of service, caused by a parsing vulnerability for the MessageSet type in the ProtocolBuffers. d3-color(212233) is vulnerable to a denial of service, caused by improper input validation. python-requests [CVE-2023-32681] is vulnerable to obtain sensitive information, caused by the leaking of Proxy-Authorization headers to destination servers during redirects to an HTTPS origin. Pypa Setuptools [CVE-2022-40897] is vulnerable to a denial of service, caused by improper input validation. Node.js ua-parser-js module [CVE-2022-25927] is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw. Node.js npm module [CVE-2022-29244] is vulnerable to obtain sensitive information, caused by an issue with ignoring root-level .gitignore & .npmignore file exclusion directives when run in a workspace or with a workspace flag. Certifi [CVE-2022-23491] have an unspecified error in with TrustCor's ownership also operated a business that produced spyware in Certifi has an unknown impact and attack vector. PyPI cryptography package [CVE-2023-23931] is vulnerable to bypass security restrictions, caused by a memory corruption in Cipher.update_into. Sqlalchemy mako [CVE-2022-40023] is vulnerable to a denial of service, caused by a regular expression denial of service when using the Lexer class to parse. OAuthlib [CVE-2022-36087] is vulnerable to a denial of service, caused by improper input validation. Node.js got module [CVE-2022-33987] is vulnerable to bypass security restrictions, caused by an unspecified, by sending a specially-crafted request. Tornado [CVE-2023-28370] is vulnerable to conduct phishing attacks, caused by an open redirect vulnerability. Node.js express-fileupload module [CVE-2022-27140, CVE-2022-27261] is vulnerable to upload arbitrary files and to overwrite arbitrary files, caused by the improper validation of file extensions by the file upload module and by insufficient validation of user input.

Vulnerability Details

CVEID:   CVE-2022-33987
DESCRIPTION:   Node.js got module could allow a remote attacker to bypass security restrictions, caused by an unspecified. By sending a specially-crafted request, an attacker could exploit this vulnerability to perform a redirect to a UNIX socket.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/229246 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:   CVE-2022-1941
DESCRIPTION:   protobuf is vulnerable to a denial of service, caused by a parsing vulnerability for the MessageSet type in the ProtocolBuffers. By sending a specially crafted message with multiple key-value per elements, a remote attacker could exploit this vulnerability to cause a crash.
CVSS Base score: 5.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/237081 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-40898
DESCRIPTION:   Python Packaging Authority (PyPA) Wheel is vulnerable to a denial of service. A remote attacker could exploit this vulnerability using the WHEEL_INFO_RE regular expression to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/243027 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-29217
DESCRIPTION:   PyJWT could allow a remote attacker to bypass security restrictions, caused by the key confusion through non-blocklisted public key formats. By sending a specially-crafted request, an attacker could exploit this vulnerability to choose the used signing algorithm.
CVSS Base score: 7.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/227222 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)

CVEID:   CVE-2022-36087
DESCRIPTION:   OAuthlib is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted request using IPV6 URI, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/235780 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H)

CVEID:   CVE-2018-25032
DESCRIPTION:   Zlib is vulnerable to a denial of service, caused by a memory corruption in the deflate operation. By using many distant matches, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/222615 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-46175
DESCRIPTION:   JSON5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in the parse method. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/242965 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H)

CVEID:   CVE-2023-32681
DESCRIPTION:   python-requests could allow a remote attacker to obtain sensitive information, caused by the leaking of Proxy-Authorization headers to destination servers during redirects to an HTTPS origin. By persuading a victim to click on a specially crafted URL, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/256114 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N)

CVEID:   CVE-2022-31117
DESCRIPTION:   UltraJSON is vulnerable to a denial of service, caused by a double free flaw while reallocating the buffer for string decoding. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/230460 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-31116
DESCRIPTION:   UltraJSON is vulnerable to a denial of service, caused by improper handling of invalid surrogate pair characters. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/230458 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-45061
DESCRIPTION:   Python is vulnerable to a denial of service, caused by an unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to cause a CPU denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240593 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-37601
DESCRIPTION:   webpack loader-utils could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in the parseQuery function in parseQuery.js. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238763 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2022-24434
DESCRIPTION:   Node.js dicer module is vulnerable to a denial of service. By sending a specially-crafted form to server, a remote attacker could exploit this vulnerability to crash the node.js service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/227085 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-0286
DESCRIPTION:   OpenSSL is vulnerable to a denial of service, caused by a type confusion error related to X.400 address processing inside an X.509 GeneralName. By passing arbitrary pointers to a memcmp call, a remote attacker could exploit this vulnerability to read memory contents or cause a denial of service.
CVSS Base score: 8.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/246611 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H)

CVEID:   CVE-2022-23541
DESCRIPTION:   Auth0 jsonwebtoken could allow a remote authenticated attacker to bypass security restrictions, caused by an insecure implementation of key retrieval function. By sending a specially-crafted request, an attacker could exploit this vulnerability to forge Public/Private Tokens from RSA to HMAC.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/242966 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L)

CVEID:   CVE-2022-23539
DESCRIPTION:   Auth0 jsonwebtoken could provide weaker than expected security, caused by an unrestricted key type issue. A remote authenticated attacker could exploit this vulnerability to allow legacy keys usage and launch further attacks on the system.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/242968 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N)

CVEID:   CVE-2022-23529
DESCRIPTION:   Auth0 jsonwebtoken could allow a remote authenticated attacker to execute arbitrary code on the system, caused by improper input validation by the jwt.verify function. By sending a specially-crafted request using the key retrieval parameter, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/242967 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2022-23540
DESCRIPTION:   Auth0 jsonwebtoken could allow a remote authenticated attacker to bypass security restrictions, caused by an insecure default algorithm flaw in the jwt.verify() function. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass signature validation.
CVSS Base score: 6.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/242969 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L)

CVEID:   CVE-2022-40899
DESCRIPTION:   Python Charmers Future is vulnerable to a denial of service, caused by improper input validation. By sending crafted Set-Cookie header from malicious web server, an remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/243065 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-40023
DESCRIPTION:   Sqlalchemy mako is vulnerable to a denial of service, caused by a regular expression denial of service when using the Lexer class to parse. By sending a victim to specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/235487 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2022-23491
DESCRIPTION:   An unspecified error in with TrustCor's ownership also operated a business that produced spyware in Certifi has an unknown impact and attack vector.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/241627 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N)

CVEID:   CVE-2023-23931
DESCRIPTION:   PyPI cryptography package could allow a remote attacker to bypass security restrictions, caused by a memory corruption in Cipher.update_into. By passing an immutable python object as the outbuf, an attacker could exploit this vulnerability to bypass authentication and obtain access.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/246738 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)

CVEID:   CVE-2022-31129
DESCRIPTION:   Moment is vulnerable to a denial of service, caused by inefficient regular expression complexity. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/230690 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-25927
DESCRIPTION:   Node.js ua-parser-js module is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw. By sending specially-crafted regex input, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/245569 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2022-27140
DESCRIPTION:   Node.js express-fileupload module could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions by the file upload module. By sending a specially-crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious .PHP file, which could allow the attacker to execute arbitrary PHP code on the vulnerable system.
CVSS Base score: 9.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/224372 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H)

CVEID:   CVE-2022-27261
DESCRIPTION:   Node.js express-fileupload module could allow a local authenticated attacker to overwrite arbitrary files, caused by insufficient validation of user input. By uploading files with the same name as existing files, an attacker could exploit this vulnerability to overwrite arbitrary files on the system.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/224312 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L)

CVEID:   CVE-2022-2596
DESCRIPTION:   Node.js node-fetch module is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the isOriginPotentiallyTrustworthy() function in the referrer.js script. By sending specially-crafted regex input, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/232616 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-40897
DESCRIPTION:   Pypa Setuptools is vulnerable to a denial of service, caused by improper input validation. By sending request with a specially crafted regular expression, an remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/243028 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-29244
DESCRIPTION:   Node.js npm module could allow a remote authenticated attacker to obtain sensitive information, caused by an issue with ignoring root-level .gitignore & .npmignore file exclusion directives when run in a workspace or with a workspace flag. By sending a specially-crafted request using npm pack or npm publish, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/228303 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N)

CVEID:   CVE-2022-42969
DESCRIPTION:   pytest-dev py is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw by the InfoSvnCommand argument. By sending a specially-crafted regex info data, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238604 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2023-25577
DESCRIPTION:   Pallets Werkzeug is vulnerable to a denial of service, caused by a flaw when parsing multipart form data with many fields. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/247557 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-23934
DESCRIPTION:   Pallets Werkzeug could allow a remote attacker to bypass security restrictions, caused by improper input validation. By sending a specially-crafted request, an attacker could exploit this vulnerability to set a cookie like =__Host-test=bad for another subdomain.
CVSS Base score: 2.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/247553 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)

CVEID:   CVE-2023-30861
DESCRIPTION:   Pallets Flask could allow a remote attacker to obtain sensitive information, caused by missing Vary: Cookie header. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain permanent session cookie information, and use this information to launch further attacks against the affected system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/254247 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:   CVE-2022-24785
DESCRIPTION:   Moment.js could allow a remote attacker to traverse directories on the system, caused by improper validation of user supplied input. An attacker could send a specially-crafted locale string containing "dot dot" sequences (/../) to switch arbitrary moment locale.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/223451 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

CVEID:   CVE-2022-29361
DESCRIPTION:   Pallets Werkzeug is vulnerable to HTTP request smuggling, caused by improper parsing of HTTP requests. By sending a specially-crafted HTTP request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/227307 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID:   CVE-2020-10735
DESCRIPTION:   Python is vulnerable to a denial of service, caused by the failure to limit amount of digits converting text to int by the int() type in PyLong_FromString(). A remote attacker could exploit this vulnerability to consume all available resources.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/235840 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2021-3563
DESCRIPTION:   OpenStack Keystone could allow a remote attacker to bypass security restrictions, caused by an issue with only the first 72 characters of an application secret are verified. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass password complexity which administrators may be counting on.
CVSS Base score: 9.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/234994 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)

CVEID:   CVE-2022-24999
DESCRIPTION:   Express.js Express is vulnerable to a denial of service, caused by a prototype pollution flaw in qs. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240815 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-28370
DESCRIPTION:   Tornado could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability to redirect a victim to arbitrary Web sites.
CVSS Base score: 3.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/255985 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N)

CVEID:   CVE-2022-38900
DESCRIPTION:   decode-uri-component is vulnerable to a denial of service, caused by improper input validation by the decodeComponents function. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/241069 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

IBM X-Force ID:   212233
DESCRIPTION:   d3-color is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted string that starts with the letter 'A' to the rgb() and hrc() functions, a remote attacker could exploit this vulnerability to cause a regular expression denial of service.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/212233 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Product(s)Version(s)
IBM Spectrum Discover2.0.4.0
IBM Spectrum Discover2.0.4.1
IBM Spectrum Discover2.0.4.2
IBM Spectrum Discover2.0.4.3
IBM Spectrum Discover2.0.4.4
IBM Spectrum Discover2.0.4.5
IBM Spectrum Discover2.0.4.6
IBM Spectrum Discover2.0.4.7
IBM Spectrum Discover2.5.0
IBM Spectrum Discover2.1.0

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by upgrading.

Installed versions of IBM Spectrum Discover (2.0.4, 2.0.4.1, 2.0.4.2, 2.0.4.3, 2.0.4.4,2.0.4.5,2.0.4.6) can be upgraded to fixed version using IBM Spectrum Discover 2.0.4.8 upgrader. and following the steps provided in our documentation (IBM Spectrum Discover Documentation).  For Installed versions of IBM Spectrum Discover (2.0.5.1, 2.1.0) from the IBM Operator catalog in OpenShift can be upgrade to fixed version when the IBM Spectrum Discover 2.1.1 version is available in the IBM Operator Catalog

 

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

References

Off

Acknowledgement

Change History

20 Jun 2023: Initial Publication

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. "Affected Products and Versions" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.

Document Location

Worldwide

[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSY8AC","label":"IBM Spectrum Discover"},"Component":"","Platform":[{"code":"PF032","label":"VM"},{"code":"PF040","label":"RedHat OpenShift"}],"Version":"2.0.4.8, 2.1.1","Edition":"","Line of Business":{"code":"LOB26","label":"Storage"}}]

Document Information

Modified date:
19 June 2023

UID

ibm17005455