IBM Support

Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities

Security Bulletin


Summary

IBM Cloud Transformation Advisor has addressed multiple security vulnerabilities including those in Node.js, swagger, jQuery, Netty, Apache commons, validator.js, Chalk ansi-regex, Json-schema, Java SE and IBM WebSphere Application Server Liberty.

Vulnerability Details

CVEID:   CVE-2021-44531
DESCRIPTION:   Node.js could allow a remote attacker to bypass security restrictions, caused by the improper handling of URI Subject Alternative Name (SAN) types. An attacker could exploit this vulnerability to bypass name-constrained intermediates.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/216930 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:   CVE-2022-22310
DESCRIPTION:   IBM WebSphere Application Server Liberty 21.0.0.10 through 21.0.0.12 could provide weaker than expected security. A remote attacker could exploit this weakness to obtain sensitive information and gain unauthorized access to JAX-WS applications. IBM X-Force ID: 217224.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217224 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID:   CVE-2018-25031
DESCRIPTION:   swagger-ui could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a specially-crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217346 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)

CVEID:   CVE-2021-46708
DESCRIPTION:   npm swagger-ui-dist could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217359 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)

CVEID:   CVE-2022-21824
DESCRIPTION:   Node.js could provide weaker than expected security, caused by an error related to the formatting logic of the console.table() function. An attacker could exploit this vulnerability using console.table properties to allow an empty string to be assigned to numerical keys of the object prototype.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/216933 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:   CVE-2021-44533
DESCRIPTION:   Node.js could allow a remote attacker to bypass security restrictions, caused by the incorrect handling of multi-value Relative Distinguished Names. By crafting certificate subjects containing a single-value Relative Distinguished Name that would be interpreted as a multi-value Relative Distinguished Name, an attacker could exploit this vulnerability to bypass the certificate subject verification.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/216932 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:   CVE-2021-44532
DESCRIPTION:   Node.js could allow a remote attacker to bypass security restrictions, caused by a string injection vulnerability when name constraints were used within a certificate chain. An attacker could exploit this vulnerability to bypass the name constraints.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/216931 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:   CVE-2021-35550
DESCRIPTION:   An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/211627 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:   CVE-2022-21365
DESCRIPTION:   An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217659 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2022-21360
DESCRIPTION:   An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217654 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2022-21349
DESCRIPTION:   An unspecified vulnerability in Java SE related to the 2D component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217643 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2022-21341
DESCRIPTION:   An unspecified vulnerability in Java SE related to the Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217636 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2022-21340
DESCRIPTION:   An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217635 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2022-21305
DESCRIPTION:   An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217600 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:   CVE-2022-21294
DESCRIPTION:   An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217589 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2022-21293
DESCRIPTION:   An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217588 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2022-21291
DESCRIPTION:   An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217586 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:   CVE-2022-21248
DESCRIPTION:   An unspecified vulnerability in Java SE related to the Serialization component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217543 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:   CVE-2021-39038
DESCRIPTION:   IBM WebSphere Application Server 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 213968.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213968 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID:   CVE-2021-35603
DESCRIPTION:   An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/211676 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID:   CVE-2015-9251
DESCRIPTION:   jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/138029 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID:   CVE-2016-10707
DESCRIPTION:   jQuery is vulnerable to a denial of service, caused by removing a logic that lowercased attribute names. By using a mixed-cased name for boolean attributes, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/138030 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2019-11358
DESCRIPTION:   jQuery, as used in Drupal core, is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/159633 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID:   CVE-2020-11023
DESCRIPTION:   jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the option elements. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/181350 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID:   CVE-2020-11022
DESCRIPTION:   jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the jQuery.htmlPrefilter method. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/181349 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID:   CVE-2021-21290
DESCRIPTION:   Netty could allow a local authenticated attacker to obtain sensitive information, caused by an insecure temp file in Unix-like systems. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/197110 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

CVEID:   CVE-2021-21295
DESCRIPTION:   Netty is vulnerable to HTTP request smuggling, caused by improper validation of Content-Length header by the Http2MultiplexHandler. By sending specially crafted HTTP request headers, an attacker could exploit this vulnerability to poison a web-cache, perform an XSS attack, or obtain sensitive information from request.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/197999 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID:   CVE-2021-21409
DESCRIPTION:   Netty is vulnerable to request smuggling, caused by improper validation of request, caused by missing validation of content-length. By sending specially-crafted request, an attacker could exploit this vulnerability to poison a web-cache, perform an XSS attack, or obtain sensitive information from request.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/199150 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID:   CVE-2021-29425
DESCRIPTION:   Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by improper input validation by the FileNameUtils.normalize method. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/199852 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:   CVE-2021-32640
DESCRIPTION:   WebSockets ws library for Node.js is vulnerable to a denial of service, caused by a regular expression denial of service (ReDOS) flaw in the in Sec-Websocket-Protocol header. By sending a specially-crafted regex input, a remote attacker could exploit this vulnerability to cause a slow down on the ws server, and results in a denial of service condition.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/202549 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2021-37136
DESCRIPTION:   Netty netty-codec is vulnerable to a denial of service, caused by not allow size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/211777 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2021-37137
DESCRIPTION:   Netty netty-codec is vulnerable to a denial of service, caused by not restrict the chunk length in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to cause excessive memory usage, and results in a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/211779 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2021-3765
DESCRIPTION:   validator.js is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw when calling the rtrim function. By sending a specially-crafted regex input, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/212669 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2021-3807
DESCRIPTION:   Chalk ansi-regex module for Node.js is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw. By sending a specially-crafted regex input, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/209596 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2021-3918
DESCRIPTION:   Json-schema could allow a remote attacker to execute arbitrary code on the system, caused by an improperly controlled modification of object prototype attributes. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213750 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2022-0235
DESCRIPTION:   Node.js node-fetch could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw when fetching a remote url with Cookie. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217758 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s)Version(s)
IBM Cloud Transformation Advisor2.0.1 - 3.0.0

Remediation/Fixes

Upgrade to 3.1.0 or later.

IBM Cloud Transformation Advisor can be installed from OperatorHub page in Red Hat OpenShift Container Platform or locally following this link.

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

References

Off

Change History

26 Apr 2022: Initial Publication

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

Document Location

Worldwide

[{"Business Unit":{"code":"BU053","label":"Cloud \u0026 Data Platform"},"Product":{"code":"SS5Q6W","label":"IBM Cloud Transformation Advisor"},"Component":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"3.1","Edition":""}]

Document Information

Modified date:
05 May 2022

UID

ibm16582695