Security bulletins and fixes

Stay informed about known security vulnerabilities and fixes for IBM Cloud Pak® for AIOps by subscribing to the security bulletins and by reviewing the list of fixed security-related vulnerabilities.

Security bulletins

Subscribe to IBM Cloud Pak for AIOps notifications by following these steps:

  1. Go to the IBM Support site.

  2. Scroll to the Support basics section. Then, click the Notification settings card.

  3. Log in to IBM with your IBM ID and password to continue.

  4. Enter IBM Cloud Pak for AIOps in the Product lookup field. Click Subscribe.

  5. In the Select document types page, select Security bulletin and Fixes > Security Vulnerability (Sec/Int). You can also select any other document types that you need to keep informed about.

  6. Click Submit.

  7. To configure how you receive notifications, click Delivery preferences in the banner at the beginning of the page. Edit your settings as needed.

Fixed security-related vulnerabilities in version 4.4.1

Review the following table, which lists the fixed reported security-related vulnerabilities in IBM Cloud Pak for AIOps and in any included IBM or third-party software.

Table. Fixed Common Vulnerabilities and Exposures in Version 4.4.0

| CVE-ID | Issue | Description |
|---|---|---|
| CVE-2022-25883 | Node.js semver package denial of service | Node.js semver package is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the new Range function. By providing specially crafted regex input, a remote attacker could exploit this vulnerability to cause a denial of service. |
| CVE-2023-4016 | procps-ng procps denial of service | procps-ng procps is vulnerable to a denial of service, caused by a heap-based buffer overflow when running the "ps" utility. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition. |
| CVE-2023-4641 | shadow-maint shadow-utils information disclosure | shadow-maint shadow-utils could allow a local authenticated attacker to obtain sensitive information, caused by failing to clean the buffer used to store password information. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain password information, and use this information to launch further attacks against the affected system. |
| CVE-2023-5388 | Red Hat Enterprise Linux information disclosure | Red Hat Enterprise Linux could allow a remote authenticated attacker to obtain sensitive information, caused by an observable timing discrepancy in the numerical library used in NSS for RSA cryptography. An attacker could exploit this vulnerability to obtain sensitive information and use this information to conduct Bleichenbacher or Manger attacks against the affected system. |
| CVE-2023-5528 | Kubernetes kubelet privilege escalation | Kubernetes kubelet could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper input validation in the in-tree storage plugin. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges. |
| CVE-2023-22745 | tpm2-tss buffer overflow | tpm2-tss is vulnerable to a buffer overflow, caused by improper bounds checking by the Tss2_RC_SetHandler and Tss2_RC_Decode functions. By sending a specially crafted request, a local authenticated attacker could overflow a buffer and execute arbitrary code on the system. |
| CVE-2023-41105 | Python security bypass | Python could allow a local authenticated attacker to bypass security restrictions, caused by a flaw where os.path.normpath truncates input on null bytes. By sending a specially crafted request, an attacker could exploit this vulnerability to cause the wrong files or directories to be used. |
| CVE-2023-49568 | go-git denial of service | go-git is vulnerable to a denial of service, caused by improper input validation. By sending specially crafted responses from a Git server, a remote attacker could exploit this vulnerability to trigger resource exhaustion in go-git clients, resulting in a denial of service condition. |
| CVE-2023-49569 | go-git directory traversal | go-git could allow a remote attacker to traverse directories on the system. By sending a specially crafted request using the ChrootOS (https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#ChrootOS), an attacker could exploit this vulnerability to create and amend files across the filesystem and possibly execute arbitrary code on the system. |
| CVE-2023-50447 | Pillow code execution | Pillow could allow a remote attacker to execute arbitrary code on the system, caused by improper neutralization of user-supplied input by the PIL.ImageMath.eval function. By sending a specially crafted request using keys that leverage the environment parameter, an attacker could exploit this vulnerability to execute arbitrary code on the system. |
| CVE-2024-0567 | GnuTLS denial of service | GnuTLS is vulnerable to a denial of service, caused by a flaw when validating a certificate chain with cockpit-certificate-ensure. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service. |
| CVE-2024-20919 | Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition unspecified | An unspecified vulnerability in Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition related to the Hotspot component could allow a remote attacker to cause high integrity impact. |
| CVE-2024-20921 | Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition unspecified | An unspecified vulnerability in Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition related to the Hotspot component could allow a remote attacker to cause high confidentiality impact. |
| CVE-2024-20945 | Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition unspecified | An unspecified vulnerability in Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition related to the Hotspot component could allow a local authenticated attacker to cause high confidentiality impact. |
| CVE-2024-21626 | Open Container Initiative runc security bypass | Open Container Initiative runc could allow a remote attacker to bypass security restrictions, caused by an internal file descriptor leak. By persuading a victim to use a specially crafted image, an attacker could exploit this vulnerability to perform a container escape and access the host filesystem. |
| CVE-2024-23334 | aio-libs aiohttp directory traversal | aio-libs aiohttp could allow a remote attacker to traverse directories on the system, caused by improper validation of user requests. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. |
| CVE-2024-23650 | Moby BuildKit denial of service | Moby BuildKit is vulnerable to a denial of service. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause the daemon to crash with a panic. |
| CVE-2024-23651 | Moby BuildKit security bypass | Moby BuildKit could allow a remote attacker to bypass security restrictions, caused by a race condition. By sending a specially crafted request, an attacker could exploit this vulnerability to cause files from the host system to become accessible to the build container. |
| CVE-2024-23652 | Moby BuildKit directory traversal | Moby BuildKit could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted request to remove arbitrary files on the system. |
| CVE-2024-23653 | Moby BuildKit privilege escalation | Moby BuildKit could allow a remote attacker to gain elevated privileges on the system, caused by improper validation of the entitlements check in the Interactive containers API. By sending a specially crafted request, an attacker could exploit this vulnerability to run a container with elevated privileges. |
| CVE-2024-23829 | aio-libs aiohttp HTTP request smuggling | aio-libs aiohttp is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP header. By sending a specially crafted HTTP(S) header, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. |

Fixed security-related vulnerabilities in previous versions

Review the following documentation, which includes the list of fixed reported security-related vulnerabilities in previous versions of IBM Cloud Pak for AIOps: