IBM Support

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for August 2024.

Security Bulletin


Summary

Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF036 and 24.0.0-IF002.

Vulnerability Details

CVEID:   CVE-2024-38473
DESCRIPTION:   Apache HTTP Server could allow a remote attacker to bypass security restrictions, caused by an encoding flaw in mod_proxy. By sending specially crafted requests with incorrect encoding, an attacker could exploit this vulnerability to bypass authentication validation.
CWE:   CWE-116: Improper Encoding or Escaping of Output
CVSS Source:   IBM X-Force
CVSS Base score:   8.1
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H)

CVEID:   CVE-2024-38474
DESCRIPTION:   Apache HTTP Server could allow a remote attacker to execute arbitrary code on the system, caused by a substitution encoding issue in mod_rewrite. By sending a specially crafted request, an attacker could exploit this vulnerability to execute scripts in directories permitted by the configuration.
CWE:   CWE-116: Improper Encoding or Escaping of Output
CVSS Source:   IBM X-Force
CVSS Base score:   8.2
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N)

CVEID:   CVE-2024-38475
DESCRIPTION:   Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use backreferences or variables as the first segment of the substitution are affected. Some unsafe RewriteRules will be broken by this change, and the rewrite flag "UnsafePrefixStat" can be used to opt back in once the substitution is confirmed to be appropriately constrained.
CWE:   CWE-116: Improper Encoding or Escaping of Output
CVSS Source:   IBM X-Force
CVSS Base score:   9.1
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)

CVEID:   CVE-2024-38477
DESCRIPTION:   Apache HTTP Server is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in mod_proxy. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CWE:   CWE-476: NULL Pointer Dereference
CVSS Source:   IBM X-Force
CVSS Base score:   7.5
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-39573
DESCRIPTION:   Apache HTTP Server is vulnerable to server-side request forgery, caused by a flaw in mod_rewrite. By sending a specially crafted request, an attacker could exploit this vulnerability to cause unsafe RewriteRules to unexpectedly set up URLs to be handled by mod_proxy.
CWE:   CWE-20: Improper Input Validation
CVSS Source:   IBM X-Force
CVSS Base score:   7.5
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:   CVE-2021-32052
DESCRIPTION:   Django is vulnerable to HTTP header injection, caused by improper validation of input in URLValidator. By persuading a victim to visit a specially-crafted Web page, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.
CWE:   CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS Source:   IBM X-Force
CVSS Base score:   4.7
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)

CVEID:   CVE-2024-4068
DESCRIPTION:   Node.js braces module is vulnerable to a denial of service, caused by the failure to limit the number of characters it can handle, leading to memory exhaustion in lib/parse.js. By sending imbalanced braces as input, the parsing will enter a loop causing the JavaScript heap limit to be reached, and the program will crash.
CWE:   CWE-1050: Excessive Platform Resource Consumption within a Loop
CVSS Source:   IBM X-Force
CVSS Base score:   7.5
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-6197
DESCRIPTION:   cURL libcurl is vulnerable to a denial of service, caused by a memory allocation flaw in the utf8asn1str() function in the ASN1 parser. By using a specially crafted TLS certificate, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Source:   IBM X-Force
CVSS Base score:   6.5
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-2379
DESCRIPTION:   cURL libcurl could allow a remote attacker to bypass security restrictions, caused by a flaw when wolfSSL library was built with the OPENSSL_COMPATIBLE_DEFAULTS symbol set. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass certificate verification for a QUIC connection.
CWE:   CWE-295: Improper Certificate Validation
CVSS Source:   IBM X-Force
CVSS Base score:   3.7
CVSS Vector:   (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:   CVE-2024-24792
DESCRIPTION:   Golang tiff package is vulnerable to a denial of service, caused by improper input validation. By persuading a victim to open a specially crafted image with invalid color indices, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CWE:   CWE-1287: Improper Validation of Specified Type of Input
CVSS Source:   IBM X-Force
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-2398
DESCRIPTION:   cURL libcurl is vulnerable to a denial of service, caused by a memory leak when allowing HTTP/2 server push. By sending specially crafted PUSH_PROMISE frames with an excessive amount of headers, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CWE:   CWE-401: Missing Release of Memory after Effective Lifetime
CVSS Source:   IBM X-Force
CVSS Base score:   5.3
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2023-45288
DESCRIPTION:   An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.
CWE:   CWE-202: Exposure of Sensitive Information Through Data Queries
CVSS Source:   CISA ADP
CVSS Base score:   7.5
CVSS Vector:   (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-2004
DESCRIPTION:   cURL libcurl could allow a local attacker to bypass security restrictions, caused by a flaw in the logic for removing protocols. By sending a specially crafted request, an attacker could exploit this vulnerability to use the disabled set of protocols.
CWE:   CWE-436: Interpretation Conflict
CVSS Source:   IBM X-Force
CVSS Base score:   3.7
CVSS Vector:   (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:   CVE-2024-6874
DESCRIPTION:   cURL libcurl could allow a remote attacker to obtain sensitive information, caused by a macidn punycode buffer overread flaw in the URL API function curl_url_get(). By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CWE:   CWE-125: Out-of-bounds Read
CVSS Source:   IBM X-Force
CVSS Base score:   3.7
CVSS Vector:   (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID:   CVE-2024-24789
DESCRIPTION:   The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create a zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.
CVSS Source:   IBM X-Force
CVSS Base score:   6.2
CVSS Vector:   (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

CVEID:   CVE-2024-0853
DESCRIPTION:   cURL libcurl could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw with keeping the SSL session ID for connections in its cache even when the verify status (OCSP stapling) test failed. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass OCSP verification.
CWE:   CWE-295: Improper Certificate Validation
CVSS Source:   IBM X-Force
CVSS Base score:   3.8
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N)

CVEID:   CVE-2024-2466
DESCRIPTION:   cURL libcurl could allow a remote attacker to bypass security restrictions, caused by a flaw when built to use mbedTLS. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass TLS certificate check.
CWE:   CWE-297: Improper Validation of Certificate with Host Mismatch
CVSS Source:   IBM X-Force
CVSS Base score:   5.3
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:   CVE-2024-4067
DESCRIPTION:   Node.js micromatch module is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in micromatch.braces() in index.js. By sending a specially crafted payload, a remote attacker could exploit this vulnerability to increase the consumption time until the application hangs or slows down.
CWE:   CWE-1333: Inefficient Regular Expression Complexity
CVSS Source:   CVE.org
CVSS Base score:   5.3
CVSS Vector:   (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2023-6004
DESCRIPTION:   libssh could allow a local authenticated attacker to execute arbitrary commands on the system, caused by a flaw in the ProxyCommand handling. By sending a specially crafted request using hostname in expanded proxycommand, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CWE:   CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVSS Source:   IBM X-Force
CVSS Base score:   4.8
CVSS Vector:   (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)

CVEID:   CVE-2023-6918
DESCRIPTION:   libssh is vulnerable to a denial of service, caused by an unchecked return value flaw for the abstract layer for message digest (MD) operations. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CWE:   CWE-252: Unchecked Return Value
CVSS Source:   IBM X-Force
CVSS Base score:   3.7
CVSS Vector:   (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2023-7008
DESCRIPTION:   systemd is vulnerable to a man-in-the-middle attack, caused by a flaw that allows it to accept records of DNSSEC-signed domains even when they have no signature. An attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the communication channel between endpoints to manipulate records.
CWE:   CWE-300: Channel Accessible by Non-Endpoint
CVSS Source:   IBM X-Force
CVSS Base score:   5.9
CVSS Vector:   (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)

CVEID:   CVE-2024-0727
DESCRIPTION:   OpenSSL is vulnerable to a denial of service, caused by improper input validation. By persuading a victim to open a specially crafted PKCS12 file, a remote attacker could exploit this vulnerability to cause the application to crash.
CWE:   CWE-476: NULL Pointer Dereference
CVSS Source:   IBM X-Force
CVSS Base score:   3.1
CVSS Vector:   (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID:   CVE-2024-25062
DESCRIPTION:   An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.
CWE:   CWE-416: Use After Free
CVSS Source:   NVD
CVSS Base score:   7.5
CVSS Vector:   (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-28182
DESCRIPTION:   nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream. There is no workaround for this vulnerability.
CWE:   CWE-770: Allocation of Resources Without Limits or Throttling
CVSS Source:   security-advisories@github.com
CVSS Base score:   5.3
CVSS Vector:   (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2024-28834
DESCRIPTION:   GnuTLS could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in the ECDSA code. By utilizing Minerva attack techniques, an attacker could exploit this vulnerability to obtain private key information, and use this information to launch further attacks against the affected system.
CWE:   CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CVSS Source:   IBM X-Force
CVSS Base score:   5.3
CVSS Vector:   (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)

CVEID:   CVE-2024-2961
DESCRIPTION:   GNU C Library could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write in the ISO-2022-CN-EXT plugin. By sending specially crafted input, an attacker could exploit this vulnerability to overwrite critical data structures and execute arbitrary code on the system or cause the application to crash.
CWE:   CWE-787: Out-of-bounds Write
CVSS Source:   IBM X-Force
CVSS Base score:   8.8
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2024-33599
DESCRIPTION:   glibc is vulnerable to a stack-based buffer overflow, caused by improper bounds checking when the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests. By sending a subsequent client request, a remote attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system.
CWE:   CWE-121: Stack-based Buffer Overflow
CVSS Source:   IBM X-Force
CVSS Base score:   7.6
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H)

CVEID:   CVE-2024-33600
DESCRIPTION:   glibc is vulnerable to a denial of service, caused by a NULL pointer dereference when the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache. A remote attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-476: NULL Pointer Dereference
CVSS Source:   IBM X-Force
CVSS Base score:   5.3
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2024-33601
DESCRIPTION:   glibc is vulnerable to a denial of service, caused by a memory allocation failure when the Name Service Cache Daemon's (nscd) netgroup cache uses the xmalloc or xrealloc functions. A local attacker could exploit this vulnerability to terminate the daemon.
CWE:   CWE-617: Reachable Assertion
CVSS Source:   IBM X-Force
CVSS Base score:   4
CVSS Vector:   (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2024-33602
DESCRIPTION:   glibc is vulnerable to a denial of service, caused by a memory corruption by the Name Service Cache Daemon's (nscd) netgroup cache when the NSS callback fails to store all strings in the provided buffer. A local attacker could exploit this vulnerability to corrupt memory and cause a denial of service.
CWE:   CWE-466: Return of Pointer Value Outside of Expected Range
CVSS Source:   IBM X-Force
CVSS Base score:   4
CVSS Vector:   (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2024-29041
DESCRIPTION:   Express.js Express could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using a specially crafted URL to redirect a victim to arbitrary Web sites.
CWE:   CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CVSS Source:   IBM X-Force
CVSS Base score:   6.1
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID:   CVE-2024-38999
DESCRIPTION:   jrburke requirejs could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution in the function s.contexts._.configure. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service.
CWE:   CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVSS Source:   IBM X-Force
CVSS Base score:   9.8
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2024-38998
DESCRIPTION:   Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CWE:   CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVSS Source:   IBM X-Force
CVSS Base score:   9.8
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2023-45289
DESCRIPTION:   Golang Go could allow a remote attacker to obtain sensitive information, caused by a flaw when following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive headers information, and use this information to launch further attacks against the affected system.
CWE:   CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVSS Source:   IBM X-Force
CVSS Base score:   5.3
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID:   CVE-2024-24783
DESCRIPTION:   Golang Go is vulnerable to a denial of service, caused by a flaw in the crypto/x509 package when verifying a certificate chain. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause Certificate.Verify to panic, resulting in a denial of service condition.
CWE:   CWE-476: NULL Pointer Dereference
CVSS Source:   IBM X-Force
CVSS Base score:   5.9
CVSS Vector:   (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-45290
DESCRIPTION:   Golang Go is vulnerable to a denial of service, caused by a flaw when parsing a multipart form in the net/textproto package. By sending a specially crafted input, a remote attacker could exploit this vulnerability to allocate arbitrarily large amounts of memory, resulting in a denial of service condition.
CWE:   CWE-770: Allocation of Resources Without Limits or Throttling
CVSS Source:   IBM X-Force
CVSS Base score:   5.3
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2021-33813
DESCRIPTION:   JDOM is vulnerable to a denial of service, caused by an XXE issue in SAXBuilder. By sending a specially-crafted HTTP request, a remote attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-611: Improper Restriction of XML External Entity Reference
CVSS Source:   IBM X-Force
CVSS Base score:   5.3
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2022-33068
DESCRIPTION:   HarfBuzz is vulnerable to an integer overflow in the component hb-ot-shape-fallback.cc. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CWE:   CWE-190: Integer Overflow or Wraparound
CVSS Source:   IBM X-Force
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-21131
DESCRIPTION:   An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low integrity impact.
CVSS Source:   IBM X-Force
CVSS Base score:   3.7
CVSS Vector:   (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:   CVE-2024-21138
DESCRIPTION:   An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause a low availability impact.
CVSS Source:   IBM X-Force
CVSS Base score:   3.7
CVSS Vector:   (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2024-21140
DESCRIPTION:   An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low confidentiality, low integrity impacts.
CWE:   CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVSS Source:   IBM X-Force
CVSS Base score:   4.8
CVSS Vector:   (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID:   CVE-2024-21145
DESCRIPTION:   An unspecified vulnerability in Java SE related to the 2D component could allow a remote attacker to cause low confidentiality, low integrity impacts.
CVSS Source:   IBM X-Force
CVSS Base score:   4.8
CVSS Vector:   (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID:   CVE-2024-21147
DESCRIPTION:   An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality, high integrity impacts.
CWE:   CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVSS Source:   IBM X-Force
CVSS Base score:   7.4
CVSS Vector:   (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)

CVEID:   CVE-2024-24784
DESCRIPTION:   Golang Go is vulnerable to a denial of service, caused by a flaw in the crypto/x509 package when verifying a certificate chain. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause Certificate.Verify to panic, resulting in a denial of service condition.
CWE:   CWE-20: Improper Input Validation
CVSS Source:   IBM X-Force
CVSS Base score:   5.4
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)

CVEID:   CVE-2024-24785
DESCRIPTION:   Golang Go could allow a remote attacker to bypass security restrictions, caused by a flaw in the MarshalJSON methods in the html/template package. By sending a specially crafted request, an attacker could exploit this vulnerability to inject unexpected content into templates.
CWE:   CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVSS Source:   IBM X-Force
CVSS Base score:   6.5
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)

CVEID:   CVE-2024-35235
DESCRIPTION:   OpenPrinting CUPS could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw when starting the cupsd server with a Listen configuration item pointing to a symbolic link. An authenticated attacker could exploit this vulnerability to change permission of any user or system files to be world writable and execute arbitrary commands.
CWE:   CWE-59: Improper Link Resolution Before File Access ('Link Following')
CVSS Source:   IBM X-Force
CVSS Base score:   6.7
CVSS Vector:   (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2024-39689
DESCRIPTION:   Certifi python-certifi could provide weaker than expected security, caused by the use of GLOBALTRUST root certificate. An attacker could exploit this vulnerability to launch further attacks on the system.
CWE:   CWE-345: Insufficient Verification of Data Authenticity
CVSS Source:   IBM X-Force
CVSS Base score:   7.5
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

CVEID:   CVE-2023-44487
DESCRIPTION:   The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CWE:   CWE-400: Uncontrolled Resource Consumption
CVSS Source:   IBM X-Force
CVSS Base score:   7.5
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2021-3572
DESCRIPTION:   pip package for python could allow a remote authenticated attacker to bypass security restrictions, caused by the improper handling of Unicode separators in git references. By creating a specially crafted tag, an attacker could exploit this vulnerability to install a different revision on a repository.
CWE:   CWE-20: Improper Input Validation
CVSS Source:   IBM X-Force
CVSS Base score:   4.5
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N)

CVEID:   CVE-2024-24788
DESCRIPTION:   Golang Go is vulnerable to a denial of service, caused by high CPU usage in the extractExtendedRCode function in the net module. By sending a specially crafted DNS message in response to a query, a remote attacker could exploit this vulnerability to cause an infinite loop.
CWE:   CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CVSS Source:   IBM X-Force
CVSS Base score:   7.5
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:   CVE-2024-24786
DESCRIPTION:   Protocol Buffers protobuf-go is vulnerable to a denial of service, caused by an infinite loop flaw in the protojson.Unmarshal function when unmarshaling certain forms of invalid JSON. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CWE:   CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CVSS Source:   IBM X-Force
CVSS Base score:   5.9
CVSS Vector:   (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-6387
DESCRIPTION:   OpenSSH could allow a remote attacker to execute arbitrary code on the system, caused by a signal handler race condition. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code with root privileges on glibc-based Linux systems.
CWE:   CWE-364: Signal Handler Race Condition
CVSS Source:   IBM X-Force
CVSS Base score:   8.1
CVSS Vector:   (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s) | Version(s) | Status
IBM Cloud Pak for Business Automation | V24.0.0 - V24.0.0-IF001 | Affected
IBM Cloud Pak for Business Automation | V23.0.2 - V23.0.2-IF006; V23.0.1 - V23.0.1-IF006; V22.0.2 - V22.0.2-IF006; V22.0.1 - V22.0.1-IF006 | Affected
IBM Cloud Pak for Business Automation | V21.0.3 - V21.0.3-IF035 | Affected
IBM Cloud Pak for Business Automation | V21.0.1 - V21.0.2; V20.0.1 - V20.0.3; V19.0.1 - V19.0.3; V18.0.0 - V18.0.2 | Affected

Remediation/Fixes

Affected Product(s) | Version(s) | Remediation / Fix
IBM Cloud Pak for Business Automation | V24.0.0 - V24.0.0-IF001 | Apply security fix 24.0.0-IF002
IBM Cloud Pak for Business Automation | V23.0.2 - V23.0.2-IF006; V23.0.1 - V23.0.1-IF006; V22.0.2 - V22.0.2-IF006; V22.0.1 - V22.0.1-IF006 | Upgrade and apply security fix 24.0.0-IF002
IBM Cloud Pak for Business Automation | V21.0.3 - V21.0.3-IF035 | Apply security fix 21.0.3-IF036 or upgrade to 24.0.0-IF002
IBM Cloud Pak for Business Automation | V21.0.1 - V21.0.2; V20.0.1 - V20.0.3; V19.0.1 - V19.0.3; V18.0.0 - V18.0.2 | Upgrade to 21.0.3-IF036 or 24.0.0-IF002

Any open source library may be included in one or more sub-components of IBM Cloud Pak for Business Automation. Open source updates are not always synchronized across all components. The CVEs in this bulletin are specifically addressed by the following components:

CVE ID Component
CVE-2021-33813 Automation Decision Services
CVE-2022-33068 Cloud Pak foundational services 4.6.5 used in 24.0.0-IF002
CVE-2023-45288 User Management Service Component
CVE-2023-45288 Demo Pattern
CVE-2023-45289 User Management Service Component
CVE-2023-45289 Cloud Pak foundational services 4.6.5 used in 24.0.0-IF002
CVE-2023-45290 User Management Service Component
CVE-2023-45290 Cloud Pak foundational services 4.6.5 used in 24.0.0-IF002
CVE-2023-6004 User Management Service Component
CVE-2023-6918 User Management Service Component
CVE-2023-7008 User Management Service Component
CVE-2024-0853 Demo Pattern
CVE-2024-2004 Demo Pattern
CVE-2024-21131 Cloud Pak foundational services 4.6.5 used in 24.0.0-IF002
CVE-2024-21138 Cloud Pak foundational services 4.6.5 used in 24.0.0-IF002
CVE-2024-21140 Cloud Pak foundational services 4.6.5 used in 24.0.0-IF002
CVE-2024-21145 Cloud Pak foundational services 4.6.5 used in 24.0.0-IF002
CVE-2024-21147 Cloud Pak foundational services 4.6.5 used in 24.0.0-IF002
CVE-2024-2379 Demo Pattern
CVE-2024-2398 Demo Pattern
CVE-2024-2466 Demo Pattern
CVE-2024-24783 User Management Service Component
CVE-2024-24783 Cloud Pak foundational services 4.6.5 used in 24.0.0-IF002
CVE-2024-24784 Cloud Pak foundational services 4.6.5 used in 24.0.0-IF002
CVE-2024-24785 Cloud Pak foundational services 4.6.5 used in 24.0.0-IF002
CVE-2024-24786 User Management Service Component
CVE-2024-24788 Business Automation Workflow
CVE-2024-24789 Demo Pattern
CVE-2024-24792 Demo Pattern
CVE-2024-25026 Operational Decision Manager Component
CVE-2024-25062 User Management Service Component
CVE-2024-28182 User Management Service Component
CVE-2024-28834 User Management Service Component
CVE-2024-29041 Automation Document Processing Component
CVE-2024-2961 User Management Service Component
CVE-2024-33599 User Management Service Component
CVE-2024-33600 User Management Service Component
CVE-2024-33601 User Management Service Component
CVE-2024-33602 User Management Service Component
CVE-2024-35235 Cloud Pak foundational services 4.6.5 used in 24.0.0-IF002
CVE-2024-38473 Business Automation Workflow
CVE-2024-38474 Business Automation Workflow
CVE-2024-38475 Business Automation Workflow
CVE-2024-38477 Business Automation Workflow
CVE-2024-38998 Business Automation Insights Core
CVE-2024-38999 Business Automation Insights Core
CVE-2024-39573 Business Automation Workflow
CVE-2024-39689 Cloud Pak foundational services 4.6.5 used in 24.0.0-IF002
CVE-2024-4067 Automation Document Processing Component
CVE-2024-4068 Automation Document Processing Component
CVE-2024-6197 Demo Pattern
CVE-2024-6387 Demo Pattern
CVE-2024-6874 Demo Pattern

Workarounds and Mitigations

None

Change History

04 Feb 2025: CVE details updated
08 Sep 2024: Initial Publication

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. "Affected Products and Versions" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.

Document Location

Worldwide

Document Information

Modified date:
14 April 2025

UID

ibm17167871