Security Bulletin
Summary
Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 4.2.0
Vulnerability Details
CVEID: CVE-2022-36227
DESCRIPTION: libarchive s vulnerable to a denial of service, caused by a NULL pointer dereference flaw due to not check for an error after calling calloc function. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/241187 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2022-33124
DESCRIPTION: AIOHTTP is vulnerable to a denial of service, caused by an invalid IPv6 URL. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/229577 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-1667
DESCRIPTION: libssh is vulnerable to a denial of service, caused by a NULL pointer dereference during rekeying with algorithm guessing. A remote authenticated attacker could exploit this vulnerability to cause the daemon to crash.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/256622 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-2283
DESCRIPTION: libssh could allow a remote attacker to bypass security restrictions, caused by a memory allocation flaw in thepki_verify_data_signature function. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass the authentication check of the connecting client.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/257617 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVEID: CVE-2023-2491
DESCRIPTION: GNU Emacs could allow a local attacker to execute arbitrary commands on the system, caused by a shell metacharacters injection flaw in org-babel-execute:latex in ob-latex.el. By sending a specially crafted input, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/254910 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID: CVE-2023-2828
DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by a flaw that allows the named's configured cache size limit to be significantly exceeded. By querying the resolver for specific RRsets in a certain order, a remote attacker could exploit this vulnerability to exhaust all memory on the host.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/258607 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-34462
DESCRIPTION: Netty is vulnerable to a denial of service, caused by a flaw with allocating up to 16MB of heap for each channel during the TLS handshake the SniHandler class. By sending a specially crafted client hello packet, a remote authenticated attacker could exploit this vulnerability to cause a OutOfMemoryError and so result in a denial of service condition.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/258713 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2022-2795
DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by a flaw in resolver code. By flooding the target resolver with queries, a remote attacker could exploit this vulnerability to severely degrade the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/236701 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2023-38325
DESCRIPTION: Python Cryptographic Authority cryptography could provide weaker than expected security, caused by an encoding mismatch regarding critical options with OpenSSH. An attacker could exploit this vulnerability to launch further attacks on the system
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/260859 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVEID: CVE-2023-37920
DESCRIPTION: An unspecified error with the removal of e-Tugra root certificate in Certifi has an unknown impact and attack vector.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/261639 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVEID: CVE-2023-2974
DESCRIPTION: quarkus-core could provide weaker than expected security, caused by the failure to configure with quarkus.http.ssl.protocols. A remote authenticated attacker could exploit this vulnerability to launch further attacks on the system
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/260014 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N)
CVEID: CVE-2023-0361
DESCRIPTION: GnuTLS could allow a remote attacker to obtain sensitive information, caused by a timing side-channel flaw in the handling of RSA ClientKeyExchange messages. By recovering the secret from the ClientKeyExchange message, an attacker could exploit this vulnerability to decrypt the application data exchanged over that connection, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/247680 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2023-29401
DESCRIPTION: Gin-Gonic Gin Web Framework could allow a remote attacker to bypass security restrictions, caused by improper input validation by the filename parameter of the Context.FileAttachment function. By using a specially-crafted attachment file name, an attacker could exploit this vulnerability to modify the Content-Disposition header.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/255449 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVEID: CVE-2022-1271
DESCRIPTION: GNU gzip could allow a remote authenticated attacker to bypass security restrictions, caused by improper validation of file name by the zgrep utility. By using a specially-crafted file name, an attacker could exploit this vulnerability to write arbitrary files or execute arbitrary code on the system.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/223754 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2023-27535
DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security restrictions, caused by a FTP too eager connection reuse flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to reuse a previously created FTP connection.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/250530 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2023-3462
DESCRIPTION: HashiCorp Vault and Vault Enterprise could allow a remote attacker to obtain sensitive information, caused by an observable response discrepancy when using the LDAP authentication method. By sending multiple requests, an attacker could exploit this vulnerability to enumerate valid usernames, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/262113 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVEID: CVE-2022-35252
DESCRIPTION: cURL libcurl is vulnerable to a denial of service, caused by a flaw when cookies contain control codes are later sent back to an HTTP(S) server. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a "sister site" to deny service to siblings.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/234980 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2022-43552
DESCRIPTION: cURL libcurl is vulnerable to a denial of service, caused by a use-after-free flaw when using an HTTP proxy. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/242799 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-28859
DESCRIPTION: Redis redis-py could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw with leaving a connection open after canceling an async Redis command at an inopportune time. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/251077 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
CVEID: CVE-2023-37276
DESCRIPTION: aio-libs aiohttp is vulnerable to HTTP request smuggling, caused by a flaw in aiohttp.web.Application. By sending a specially crafted HTTP(S) request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/261137 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVEID: CVE-2020-24736
DESCRIPTION: SQLite is vulnerable to a denial of service, caused by a buffer overflow in window functions. By using a specially crafted script, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253878 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2002-0080
DESCRIPTION: rsync could allow a remote attacker to gain elevated privileges on the system. rsync fails to drop privileges for supplementary groups when called from the command line in daemon mode. This could allow a remote attacker to inherit the privileges of the user who started rsync.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/8463 for the current score.
CVSS Vector:
CVEID: CVE-2018-5764
DESCRIPTION: rsync could allow a remote attacker to bypass security restrictions, caused by the failure to prevent multiple --protect-args uses in the parse_arguments function in options.c in rsyncd. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass an argument-sanitization protection mechanism.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/137798 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVEID: CVE-2022-29154
DESCRIPTION: Rsync could allow a remote attacker to bypass security restrictions, caused by improper validation of file names. By utilize man-in-the-middle attack techniques, an attacker could exploit this vulnerability to write arbitrary files inside the directories of connecting peers.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/232637 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVEID: CVE-2023-26604
DESCRIPTION: systemd could allow a local authenticated attacker to gain elevated privileges on the system, caused by the failure to set LESSSECURE to 1 in the configurations. By sending a specially crafted request, an attacker could exploit this vulnerability to gain root privileges on the system.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/249251 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
| IBM Cloud Pak for Watson AIOps | 4.1.0-4.1.2 |
Remediation/Fixes
IBM strongly suggests that you address the vulnerabilities now for all affected products/versions listed above by installing Fix:
https://www.ibm.com/docs/SSJGDOB_4.2.0/upgrading/upgrading.html
Workarounds and Mitigations
None
Get Notified about Future Security Bulletins
References
Acknowledgement
Change History
28 Sep 2023: Initial Publication
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. "Affected Products and Versions" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.
Document Location
Worldwide
Was this topic helpful?
Document Information
Modified date:
28 September 2023
UID
ibm17041676