Security Bulletin: Vulnerabilities exists in IBM Netezza Analytics - NPS

Vulnerability Details

CVEID:   CVE-2023-52425
DESCRIPTION:   libexpat is vulnerable to a denial of service, caused by improper system resource allocation. By sending a specially crafted request using an overly large token, a remote attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-400: Uncontrolled Resource Consumption
CVSS Source:   IBM X-Force
CVSS Base score:   7.5
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2021-26291
DESCRIPTION:   Apache Maven could allow a remote attacker to bypass security restrictions, caused by the use of http (non-SSL) repository references by default. By sending a specially-crafted request, an attacker could exploit this vulnerability to take over the repository or to insert themselves into a position to pretend to be that repository.
CWE:   CWE-346: Origin Validation Error
CVSS Source:   IBM X-Force
CVSS Base score:   9.1
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)

CVEID:   CVE-2024-45492
DESCRIPTION:   An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
CWE:   CWE-190: Integer Overflow or Wraparound
CVSS Source:   NVD
CVSS Base score:   9.8
CVSS Vector:   (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2020-11023
DESCRIPTION:   In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CWE:   CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS Source:   NVD
CVSS Base score:   6.1
CVSS Vector:   (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID:   CVE-2020-11022
DESCRIPTION:   jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the jQuery.htmlPrefilter method. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CWE:   CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS Source:   IBM X-Force
CVSS Base score:   6.1
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID:   CVE-2020-7656
DESCRIPTION:   jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the load method. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CWE:   CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS Source:   IBM X-Force
CVSS Base score:   6.1
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID:   CVE-2015-9251
DESCRIPTION:   jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CWE:   CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS Source:   IBM X-Force
CVSS Base score:   6.1
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID:   CVE-2012-6708
DESCRIPTION:   jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the jQuery(strInput) function. A remote attacker could exploit this vulnerability using the to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CWE:   CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS Source:   IBM X-Force
CVSS Base score:   6.1
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID:   CVE-2023-52426
DESCRIPTION:   libexpat is vulnerable to a denial of service, caused by an XML entity expansion flaw if XML_DTD is undefined at compile time. By compiling specially crafted XML input, a local attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
CVSS Source:   IBM X-Force
CVSS Base score:   5.1
CVSS Vector:   (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-28757
DESCRIPTION:   libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).
CWE:   CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
CVSS Source:   NVD
CVSS Base score:   7.5
CVSS Vector:   (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2020-13151
DESCRIPTION:   Aerospike Community Edition could allow a remote attacker to execute arbitrary commands on the system, caused by a flaw in the os.execute() function. By sending a specially crafted UDF, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CWE:   CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSS Source:   IBM X-Force
CVSS Base score:   9.8
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2019-19391
DESCRIPTION:   LuaJIT could allow a local attacker to bypass security restrictions, caused by a type confusion in the debug.getinfo. By sending a specially-crafted command, an attacker could exploit this vulnerability to perform arbitrary memory write or read operations.
CWE:   CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
CVSS Source:   IBM X-Force
CVSS Base score:   8.4
CVSS Vector:   (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2020-24372
DESCRIPTION:   LuaJIT is vulnerable to a denial of service, caused by out-of-bounds read in lj_err_run in lj_err.c. A remote attacker could exploit this vulnerability to cause a segmentation fault.
CWE:   CWE-125: Out-of-bounds Read
CVSS Source:   IBM X-Force
CVSS Base score:   5.3
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2020-15890
DESCRIPTION:   LuaJIT is vulnerable to a denial of service, caused by the improper handling of __gc handler frame traversal. A remote attacker could exploit this vulnerability to trigger an out-of-bounds read and cause a segmentation fault.
CWE:   CWE-125: Out-of-bounds Read
CVSS Source:   IBM X-Force
CVSS Base score:   5.3
CVSS Vector:   (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2020-35357
DESCRIPTION:   GNU Scientific Library is vulnerable to a buffer overflow, caused by improper bounds checking by the gsl_stats_quantile_from_sorted_data function when calculating the quantile value. By executing a specially crafted program, a local authenticated attacker could overflow a buffer and execute arbitrary code or cause a denial of service condition.
CWE:   CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVSS Source:   IBM X-Force
CVSS Base score:   7.8
CVSS Vector:   (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)