Security Bulletin: IBM Tealeaf CX Passive Capture Application is vulnerable to a remotely exploitable OS command injection and local file inclusion (CVE-2013-6719 and CVE-2013-6720)

Summary

IBM Tealeaf CX Passive Capture Application is vulnerable to a remotely exploitable OS command injection and local file inclusion. These vulnerabilities may be exploited to compromise the host system.

Vulnerability Details

Two areas of vulnerability are found in the IBM Tealeaf CX Passive Capture Application (PCA) web console (PHP) Builds 3611 and 3620:

  • RCE (Remote Code Execution)
  • LFI (Local File Inclusion)

RCE vulnerability: A non-root user can replace the command-line parameter with a string of shell commands and so run commands of their choosing. The PHP code runs at the non-root user level, so the operations that can be performed this way are very limited and non-critical.

PCA web console access is required to reach the vulnerabilities. If login authentication is enabled, an attacker first needs to bypass that authentication before the exploits can be determined. The PCA web console is also not an externally exposed web application: it is primarily an IT management console used only by IT staff, and possibly by the IBM Tealeaf Administrator managing their networks.

LFI vulnerability: The LFI vulnerability allows downloading files outside the set of files intended to be downloaded for customer support purposes (for example, log files). Although the request parameters can be changed, root-level files cannot be downloaded. The impact of this vulnerability is therefore minimal.

Patches are available for IBM Tealeaf CX Passive Capture Application Builds 3611 and 3620 to resolve these security vulnerabilities.
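The two weakness classes described above, shown as an added PHP illustration (this is not IBM's PCA web console code): each vulnerable pattern sits beside a hardened form. The request parameter names, the diagnostic program path `/usr/bin/pca-diag`, the log directory and the sample log line are assumptions. The self-check at the bottom builds a temporary log directory and shows the path check accepting the intended file and rejecting traversal, and the allow-list rejecting a parameter that carries extra commands.

```php
<?php
// Added illustration, not IBM's PCA web console code. Parameter names,
// the diagnostic program path and the log directory are assumptions.
declare(strict_types=1);

// ---- Pattern 1: OS command injection (CVE-2013-6719 class) ----------------
// Vulnerable: a request parameter is pasted straight into a shell command
// line, so a console user can replace the expected argument with a string of
// commands. They run as the web server account (non-root in PCA's case).
function runDiagnosticUnsafe(string $target): string
{
    return (string) shell_exec('/usr/bin/pca-diag --target ' . $target);
}

// Hardened: accept only values the page legitimately offers, then quote the
// argument with escapeshellarg() so the shell sees exactly one word.
const ALLOWED_TARGETS = ['capture', 'pipeline', 'network'];

function validateTarget(string $target): string
{
    if (!in_array($target, ALLOWED_TARGETS, true)) {
        throw new InvalidArgumentException("unknown diagnostic target: $target");
    }
    return escapeshellarg($target);   // belt and braces: value is already known-good
}

function runDiagnosticSafe(string $target): string
{
    return (string) shell_exec('/usr/bin/pca-diag --target ' . validateTarget($target));
}

// ---- Pattern 2: local file inclusion / arbitrary download (CVE-2013-6720 class)
// Vulnerable: the requested name is joined onto the log directory and read
// back, so "../" segments reach any file the web server account can read.
function downloadLogUnsafe(string $logDir, string $name): string
{
    return (string) file_get_contents($logDir . '/' . $name);
}

// Hardened: canonicalise the path, require it to stay inside $logDir, and
// allow only regular files with the extension the download page is for.
function resolveLogPath(string $logDir, string $name): string
{
    if ($name === '' || strpos($name, "\0") !== false) {
        throw new InvalidArgumentException('empty or NUL-containing file name');
    }
    $base = realpath($logDir);
    $full = realpath($logDir . '/' . $name);      // false if the file does not exist
    if ($base === false || $full === false) {
        throw new RuntimeException('no such log file');
    }
    // Prefix check on the canonical path: "../" has already been resolved away,
    // so anything outside $base shows up as a different prefix.
    if (strpos($full, $base . DIRECTORY_SEPARATOR) !== 0) {
        throw new RuntimeException('path escapes the log directory');
    }
    if (!is_file($full) || pathinfo($full, PATHINFO_EXTENSION) !== 'log') {
        throw new RuntimeException('not a downloadable log file');
    }
    return $full;
}

function downloadLogSafe(string $logDir, string $name): string
{
    return (string) file_get_contents(resolveLogPath($logDir, $name));
}

// ---- Self-check against a constructed log directory (sample data, not PCA logs)
if (PHP_SAPI === 'cli') {
    $dir = sys_get_temp_dir() . '/pca-demo-' . getmypid();
    mkdir($dir);
    file_put_contents($dir . '/capture.log', "2014-02-03 10:00:00 capture started\n");

    foreach (['capture.log', '../../../etc/passwd', 'capture.log/../../hostname'] as $name) {
        try {
            printf("%-30s -> %s\n", $name, resolveLogPath($dir, $name));
        } catch (InvalidArgumentException | RuntimeException $e) {
            printf("%-30s -> rejected (%s)\n", $name, $e->getMessage());
        }
    }
    foreach (['pipeline', 'pipeline; id'] as $target) {
        try {
            printf("%-30s -> %s\n", $target, validateTarget($target));
        } catch (InvalidArgumentException $e) {
            printf("%-30s -> rejected (%s)\n", $target, $e->getMessage());
        }
    }
    unlink($dir . '/capture.log');
    rmdir($dir);
}
```

Two design points match what the bulletin says about exposure. The allow-list removes attacker-controlled text from the command line entirely; `escapeshellarg()` alone would still let a caller pass arbitrary single arguments, which is why it is used as a second layer rather than the only one. The `realpath()` prefix check works because canonicalisation happens before the comparison, so `..` segments cannot slip past a naive string filter; running the console under an unprivileged account, as the bulletin notes PCA does, bounds what either weakness can read or run if the checks are ever bypassed. These checks complement login authentication on the console rather than replace it.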

CVEID: CVE-2013-6719
Description: Remote OS command injection.
CVSS Base Score: 6.0
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/89228 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:P)

CVEID: CVE-2013-6720
Description: Local File Inclusion.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/89229 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N)

Affected Products and Versions

IBM Tealeaf Customer Experience v8.0-v8.8

Remediation/Fixes

Product                          VRMF             Remediation/First Fix
IBM Tealeaf Customer Experience  8.8              https://www.ibm.com/support/entry/portal/search_results?sn=spe&filter=keywords:ibmsupportfixcentralsearch&q=8.8_IBMTealeaf_PCA-3625-4_SecurityRollup_FixPack
IBM Tealeaf Customer Experience  8.7              https://www.ibm.com/support/entry/portal/search_results?sn=spe&filter=keywords:ibmsupportfixcentralsearch&q=8.7_IBMTealeaf_PCA-3615-4_SecurityRollup_FixPack
IBM Tealeaf Customer Experience  8.6 and earlier  You can contact the Technical Support team for guidance.

For versions before v8.7, IBM recommends upgrading to a later supported version of the product.

Workarounds and Mitigations

None.

Acknowledgement

The vulnerability was reported to IBM by Bryan Alexander of Coalfire Labs.

Change History

10 June 2016: Updated Fix Central links
03 February 2014: Original publish date

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

Document Information

Modified date: 16 June 2018
UID: swg21667630