Security Bulletin
Summary
Ramda(CVE-2021-42581) is vulnerable to remote attackers to execute arbitrary code on the system, caused by a prototype pollution in functions. An attacker could exploit this vulnerability to execute arbitrary code on the system. Node-forge(CVE-2022-24773, 217313, CVE-2022-24771, CVE-2020-7720, CVE-2022-0122, CVE-2022-24772) is vulnerable to remote attackers to bypass security restrictions, caused by improper signature verification. Axios(CVE-2022-1214) is vulnerable to remote atackers to obtain sensitive information. Nginx(CVE-2021-46461, CVE-2021-46462, CVE-2021-46463) is vulnerable to remote atackers and denial service attacks caused by weaknesses in njs. Async(CVE-2021-43138) allow a remote attacker to execute arbitrary code on the system, caused by prototype pollution in the mapValues() method. Paramiko(CVE-2022-24302) is vulnerable to local attackers to obtain sensitive information caused by a race condition in the write_private_key_file function. Python(CVE-2022-26488) allow a local authenticated attacker to gain elevated privileges on the systemcaused by an issue when the search path is inadequately secured. Psutil(CVE-2019-18874) is vulnerable to a denial of service, caused by a double free, this vulnerability to cause the application to crash. dns-packet(CVE-2021-23386) could allow a remote authenticated attacker to obtain sensitive information, caused by an issue when creating buffers and does not always fill them before forming network packets. express-jwt(CVE-2020-15084) could allow a remote attacker to bypass security restrictions, caused by improper enforcement of algorithms. oslo.utils(CVE-2022-0718) could allow a remote authenticated attacker to obtain sensitive information, caused by improper character masking by the mask_passwords functions. Python-RSA(CVE-2020-13757, CVE-2020-25658) is vulnerable to denial of service attacks and remote attackers, caused by a flaw during the decryption of ciphertext and the Bleichenbacher timing attack. Minimist(CVE-2020-7598, CVE-2021-44906) could provide weaker than expected security, caused by a prototype pollution flaw, and could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution in setKey() function in the index.js script. Reportlab(CVE-2020-28463) is vulnerable to server-side request forgery, caused by improper input validation. Ansible(CVE-2021-20180, CVE-2021-3533, CVE-2020-14330) could allow a local authenticated attacker to obtain sensitive information, caused by disclosure of information in the console log when using the bitbucket_pipeline_variable, by an improper output neutralization for logs and by a flaw in race condition in ansible's async code. NumPy(CVE-2021-34141, CVE-2021-41496) is vulnerable to a denial of service, caused by incomplete string comparison in the numpy.core component and by a buffer overflow in the array_from_pyobj function of fortranobject.c. Ljharb qs(CVE-2017-1000048) is vulnerable to a denial of service, caused by sending a specially-crafted request and by insufficient sanitization of property in the gs.parse function. Node.js debug module(CVE-2017-16137) is vulnerable to regular expression denial of service when passing untrusted user input.
Vulnerability Details
CVEID: CVE-2021-46461
DESCRIPTION: njs, as used in NGINX, could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in njs_vmcode_typeof in /src/njs_vmcode.c. An attacker could exploit this vulnerability to obtain sensitive information and use this information to launch further attacks against the affected system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219731 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVEID: CVE-2021-42581
DESCRIPTION: Ramda could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution in the mapObjIndexed function. By supplying a specially-crafted object using the __proto__ argument, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/226072 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2017-16137
DESCRIPTION: Node.js debug module is vulnerable to regular expression denial of service when passing untrusted user input. A remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/135678 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2021-46462
DESCRIPTION: njs, as used in NGINX, is vulnerable to a denial of service, caused by a flaw in njs_object_set_prototype in /src/njs_object.c. A remote attacker could exploit this vulnerability to cause a segmentation fault.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219730 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2021-44906
DESCRIPTION: Node.js Minimist module could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution in setKey() function in the index.js script. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 5.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/222195 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVEID: CVE-2021-20180
DESCRIPTION: Ansible could allow a local authenticated attacker to obtain sensitive information, caused by disclosure of information in the console log when using the bitbucket_pipeline_variable. An attacker could exploit this vulnerability to steal bitbucket_pipeline credentials.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/222527 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2021-43138
DESCRIPTION: Async could allow a remote attacker to execute arbitrary code on the system, caused by prototype pollution in the mapValues() method. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/223605 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID: CVE-2021-34141
DESCRIPTION: NumPy is vulnerable to a denial of service, caused by incomplete string comparison in the numpy.core component. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to fail the APIs.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/215944 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2021-41496
DESCRIPTION: NumPy is vulnerable to a denial of service, caused by a buffer overflow in the array_from_pyobj function of fortranobject.c. By constantly creating sort arrays, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/215807 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2017-1000048
DESCRIPTION: Ljharb qs is vulnerable to a denial of service. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/130305 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2022-24773
DESCRIPTION: Node.js node-forge module could allow a remote attacker to bypass security restrictions, caused by improper signature verification when checking DigestInfo for a proper ASN.1 structure. By using a specially-crafted signature with invalid structures but a valid digest, an attacker could exploit this vulnerability to bypass signature verification.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/222174 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVEID: CVE-2022-24771
DESCRIPTION: Node.js node-forge module could allow a remote attacker to bypass security restrictions, caused by improper signature verification when checking the digestAlgorithm structure. By using a specially-crafted structure to steal padding bytes and uses unchecked portion of the PKCS#1 encoded message, an attacker could exploit this vulnerability to forge a signature when a low public exponent is being used.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/222172 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVEID: CVE-2020-7720
DESCRIPTION: Node.js node-forge module could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in the util.setPath function. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/187620 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2022-0122
DESCRIPTION: Node.js node-forge could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability to redirect a victim to arbitrary Web sites.
CVSS Base score: 7.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/216833 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N)
CVEID: CVE-2022-24772
DESCRIPTION: Node.js node-forge module could allow a remote attacker to bypass security restrictions, caused by improper signature verification when checking for tailing garbage bytes after decoding a DigestInfo ASN.1 structure. By sending a specially-crafted request with garbage data, an attacker could exploit this vulnerability to forge a signature when a low public exponent is being used.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/222173 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVEID: CVE-2021-3533
DESCRIPTION: Ansible could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in race condition in ansible's async code. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/203873 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N)
CVEID: CVE-2020-14330
DESCRIPTION: Ansible Engine could allow a local authenticated attacker to obtain sensitive information, caused by an improper output neutralization for logs flaw when using uri. An attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/188183 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N)
CVEID: CVE-2021-44907
DESCRIPTION: Qs is vulnerable to a denial of service, caused by insufficient sanitization of property in the gs.parse function. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/222194 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2020-28463
DESCRIPTION: Python is vulnerable to server-side request forgery, caused by improper input validation. By using specially-crafted img tags, an attacker could exploit this vulnerability to conduct SSRF attack.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/197036 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2020-7598
DESCRIPTION: minimist could provide weaker than expected security, caused by a prototype pollution flaw. By sending a specially crafted request, a remote attacker could exploit this vulnerability to add or modify properties of Object.prototype.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/177780 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVEID: CVE-2020-13757
DESCRIPTION: Python-RSA is vulnerable to a denial of service, caused by a flaw during the decryption of ciphertext. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/182813 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2020-25658
DESCRIPTION: Python-RSA could allow a remote attacker to obtain sensitive information, caused by a Bleichenbacher timing attack. By sending a specially-crafted request using the RSA decryption API, an attacker could exploit this vulnerability to obtain parts of the cipher text encrypted with RSA, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/191710 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2022-0718
DESCRIPTION: OpenStack oslo.utils could allow a remote authenticated attacker to obtain sensitive information, caused by improper character masking by the mask_passwords functions. By gaining access to the debug output, an attacker could exploit this vulnerability to obtain partial passwords, and use this information to launch further attacks against the affected system.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/222683 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2021-23386
DESCRIPTION: Node.js dns-packet module could allow a remote authenticated attacker to obtain sensitive information, caused by an issue when creating buffers with allocUnsafe and does not always fill them before forming network packets. By querying specially-crafted domain names, an attacker could exploit this vulnerability to obtain internal application memory information, and use this information to launch further attacks against the affected system.
CVSS Base score: 6.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/202417 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L)
CVEID: CVE-2021-46463
DESCRIPTION: njs, as used in NGINX, could allow a remote attacker to execute arbitrary code on the system, caused by type confusion in njs_promise_perform_then(). An attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219729 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVEID: CVE-2019-18874
DESCRIPTION: psutil is vulnerable to a denial of service, caused by a double free. By using specially-crafted data, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/171612 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2022-24302
DESCRIPTION: Paramiko could allow a remote attacker to obtain sensitive information, caused by a race condition in the write_private_key_file function. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/222109 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2022-26488
DESCRIPTION: Python could allow a local authenticated attacker to gain elevated privileges on the system, caused by an issue when the search path is inadequately secured. By sending a specially-crafted request to add user-writable directories to the system search path, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/221120 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2020-15084
DESCRIPTION: express-jwt could allow a remote attacker to bypass security restrictions, caused by improper enforcement of algorithms entry in the configuration. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass authorization.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/184368 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVEID: CVE-2022-1214
DESCRIPTION: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was incorrectly assigned. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/225601 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
IBM X-Force ID: 217313
DESCRIPTION: Nodejs node-forge module could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a prototype pollution flaw. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVSS Base score: 6.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217313 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
Affected Products and Versions
Affected Product(s) | Version(s) |
IBM Spectrum Discover | 2.0.4.0 |
IBM Spectrum Discover | 2.0.4.1 |
IBM Spectrum Discover | 2.0.4.2 |
IBM Spectrum Discover | 2.0.4.3 |
IBM Spectrum Discover | 2.0.4.4 |
IBM Spectrum Discover | 2.0.4.5 |
IBM Spectrum Discover | 2.0.4.6 |
Remediation/Fixes
IBM strongly recommends addressing the vulnerability now by upgrading.
Installed versions of IBM Spectrum Discover (2.0.4, 2.0.4.1, 2.0.4.2, 2.0.4.3, 2.0.4.4,2.0.4.5,2.0.4.6) can be upgraded to fixed version using IBM Spectrum Discover 2.0.4.7 upgrader. and following the steps provided in our documentation (IBM Spectrum Discover Documentation).
Workarounds and Mitigations
None
Get Notified about Future Security Bulletins
References
Change History
27 Jul 2022: Initial Publication
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Document Location
Worldwide
Was this topic helpful?
Document Information
Modified date:
23 August 2022
UID
ibm16614909