Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.6

Vulnerability Details

CVEID:   CVE-2024-2398
DESCRIPTION:   cURL libcurl is vulnerable to a denial of service, caused by a memory leak when allowing HTTP/2 server push. By sending a specially crafted PUSH_PROMISE frames with an excessive amount of headers, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CWE:   CWE-401: Missing Release of Memory after Effective Lifetime
CVSS Source:   IBM X-Force
CVSS Base score:   5.3
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2023-34453
DESCRIPTION:   snappy-java is vulnerable to a denial of service, caused by an integer overflow in the shuffle function. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CWE:   CWE-190: Integer Overflow or Wraparound
CVSS Source:   IBM X-Force
CVSS Base score:   5.9
CVSS Vector:   (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-26336
DESCRIPTION:   The Apache poi-scratchpad package is vulnerable to a denial of service, caused by an out of memory exception flaw in the HMEF package. By persuading a victim to open a specially crafted TNEF file, a remote attacker could exploit this vulnerability to cause the server to crash.
CWE:   CWE-401: Missing Release of Memory after Effective Lifetime
CVSS Source:   IBM X-Force
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID:   CVE-2021-22570
DESCRIPTION:   Google Protocol Buffers is vulnerable to a denial of service, caused by a NULL pointer dereference when a null char is present in a proto symbol. A remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-476: NULL Pointer Dereference
CVSS Source:   IBM X-Force
CVSS Base score:   6.5
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-45490
DESCRIPTION:   libexpat could provide weaker than expected security, caused by the failure to reject a negative length for XML_ParseBuffer. By providing a negative length value to the XML_ParseBuffer function, a remote attacker could exploit this vulnerability to cause improper handling of XML data.
CWE:   CWE-190: Integer Overflow or Wraparound
CVSS Source:   IBM X-Force
CVSS Base score:   7.5
CVSS Vector:   (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-45491
DESCRIPTION:   libexpat could allow a local attacker to execute arbitrary code on the system, caused by an integer overflow in the dtdCopy function in xmlparse.c. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CWE:   CWE-190: Integer Overflow or Wraparound
CVSS Source:   CISA ADP
CVSS Base score:   7.3
CVSS Vector:   (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID:   CVE-2024-45492
DESCRIPTION:   libexpat could allow a local attacker to execute arbitrary code on the system, caused by an integer overflow in the nextScaffoldPart function in xmlparse.c. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CWE:   CWE-190: Integer Overflow or Wraparound
CVSS Source:   CISA ADP
CVSS Base score:   7.3
CVSS Vector:   (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID:   CVE-2024-30203
DESCRIPTION:   GNU Emacs could provide weaker than expected security, caused by an issue with treating inline MIME contents as trusted. A remote attacker could exploit this vulnerability to launch further attacks on the system.
CVSS Source:   IBM X-Force
CVSS Base score:   7.5
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

CVEID:   CVE-2024-30205
DESCRIPTION:   GNU Emacs could provide weaker than expected security, caused by an issue with contents of remote files to be trusted in Org mode. A remote attacker could exploit this vulnerability to launch further attacks on the system.
CVSS Source:   IBM X-Force
CVSS Base score:   7.5
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

CVEID:   CVE-2024-39331
DESCRIPTION:   GNU Emacs could allow a remote attacker to execute arbitrary code on the system, caused by a code injection flaw in org-link-expand-abbrev in lisp/ol.el. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CWE:   CWE-94: Improper Control of Generation of Code ('Code Injection')
CVSS Source:   IBM X-Force
CVSS Base score:   7.8
CVSS Vector:   (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID:   CVE-2023-34455
DESCRIPTION:   snappy-java is vulnerable to a denial of service, caused by the use of an unchecked chunk length in the hasNextChunk function. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CWE:   CWE-400: Uncontrolled Resource Consumption
CVSS Source:   IBM X-Force
CVSS Base score:   7.5
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-43642
DESCRIPTION:   snappy-java is vulnerable to a denial of service, caused by missing upper bound check on chunk length. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CWE:   CWE-770: Allocation of Resources Without Limits or Throttling
CVSS Source:   IBM X-Force
CVSS Base score:   7.5
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-34462
DESCRIPTION:   Netty is vulnerable to a denial of service, caused by a flaw with allocating up to 16MB of heap for each channel during the TLS handshake the SniHandler class. By sending a specially crafted client hello packet, a remote authenticated attacker could exploit this vulnerability to cause a OutOfMemoryError and so result in a denial of service condition.
CWE:   CWE-400: Uncontrolled Resource Consumption
CVSS Source:   IBM X-Force
CVSS Base score:   6.5
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-44487
DESCRIPTION:   Multiple vendors are vulnerable to a denial of service, caused by a flaw in handling multiplexed streams in the HTTP/2 protocol. By sending numerous HTTP/2 requests and RST_STREAM frames over multiple streams, a remote attacker could exploit this vulnerability to cause a denial of service due to server resource consumption.
CWE:   CWE-400: Uncontrolled Resource Consumption
CVSS Source:   IBM X-Force
CVSS Base score:   7.5
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-37371
DESCRIPTION:   MIT Kerberos 5 (aka krb5) is vulnerable to a denial of service, caused by an invalid memory reads during GSS message token handling. By sending specially crafted message tokens, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE:   CWE-1287: Improper Validation of Specified Type of Input
CVSS Source:   IBM X-Force
CVSS Base score:   6.5
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-6232
DESCRIPTION:   Python CPython is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw when parsing TarFile headers. By using specially crafted tar archives, a remote attacker could exploit this vulnerability to cause a denial of service. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.
CWE:   CWE-1333: Inefficient Regular Expression Complexity
CVSS Source:   IBM X-Force
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-37370
DESCRIPTION:   MIT Kerberos 5 (aka krb5) could allow a remote attacker to bypass security restrictions, caused by improper access control. By sending a specially crafted request to modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, an attacker could exploit this vulnerability to cause the unwrapped token to appear truncated to the application.
CWE:   CWE-1220: Insufficient Granularity of Access Control
CVSS Source:   IBM X-Force
CVSS Base score:   7.4
CVSS Vector:   (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H)

CVEID:   CVE-2024-6923
DESCRIPTION:   Python CPython is vulnerable to email header injection, caused by the failure to properly quote newlines for email headers when serializing an email message. By persuading a victim to open a specially crafted email, a remote authenticated attacker could exploit this vulnerability to spoof sender identity, gain unauthorized email sending or loss of control over email communication.
CWE:   CWE-94: Improper Control of Generation of Code ('Code Injection')
CVSS Source:   CISA ADP
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)

CVEID:   CVE-2024-4032
DESCRIPTION:   An unspecified error with ipaddress considers some not globally reachable addresses global and vice versa in Python CPython has an unknown impact and attack vector.
CWE:   CWE-697: Incorrect Comparison
CVSS Source:   IBM X-Force
CVSS Base score:   7.5
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:   CVE-2024-1459
DESCRIPTION:   Undertow could allow a remote attacker to traverse directories on the system, caused by improper validation of user requests. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
CWE:   CWE-24: Path Traversal: '../filedir'
CVSS Source:   IBM X-Force
CVSS Base score:   5.3
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID:   CVE-2023-44483
DESCRIPTION:   Apache Santuario could allow a remote authenticated attacker to obtain sensitive information, caused by the storage of a private key in the log files when using the JSR 105 API. By gaining access to the log files, an attacker could exploit this vulnerability to obtain the private key information, and use this information to launch further attacks against the affected system.
CWE:   CWE-532: Insertion of Sensitive Information into Log File
CVSS Source:   IBM X-Force
CVSS Base score:   6.5
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

CVEID:   CVE-2023-7256
DESCRIPTION:   libpcap is vulnerable to a denial of service, caused by a double-free during the setup of a remote packet capture. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-415: Double Free
CVSS Source:   CVE.org
CVSS Base score:   4.4
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-34454
DESCRIPTION:   snappy-java is vulnerable to a denial of service, caused by an integer overflow in the compress function. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CWE:   CWE-190: Integer Overflow or Wraparound
CVSS Source:   IBM X-Force
CVSS Base score:   7.5
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-22102
DESCRIPTION:   An unspecified vulnerability in Oracle MySQL Connectors related to the Connector/J component could allow a remote attacker to cause high confidentiality, integrity and availability impacts.
CWE:   CWE-20: Improper Input Validation
CVSS Source:   IBM X-Force
CVSS Base score:   8.3
CVSS Vector:   (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)