Security Bulletin
Summary
IBM Security Access Manager Appliance has addressed the following vulnerabilities.
Vulnerability Details
CVEID: CVE-2017-15906
DESCRIPTION: OpenSSH is vulnerable to a denial of service, caused by an error in the process_open() function when in read-only mode. A remote authenticated attacker could exploit this vulnerability to create zero-length files and cause a denial of service.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/133128 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2018-1653
DESCRIPTION: IBM Security Access Manager Appliance is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/144726 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
CVEID: CVE-2017-1000407
DESCRIPTION: Linux Kernel, built with the KVM virtualization (CONFIG_KVM) support, is vulnerable to a denial of service, caused by improper validation of user-supplied input at the diagnostic port. By flooding the diagnostic port 0x80, a remote authenticated attacker could exploit this vulnerability to cause the system to crash.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/136235 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2017-1000252
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an assertion failure in the KVM subsystem in arch/x86/kvm/vmx.c and virt/kvm/eventfd.c. By using a specially-crafted guest_irq value, a local authenticated attacker could exploit this vulnerability to cause the hypervisor to hang or crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/132620 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2017-18017
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a use-after-free flaw in the tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c. By leveraging the presence of xt_TCPMSS in an iptables action, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/137122 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2017-12154
DESCRIPTION: Linux Kernel could allow a local authenticated attacker to bypass security restrictions, caused by a flaw in the prepare_vmcs02 function in arch/x86/kvm/vmx.c. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain read and write access to the hardware CR8 register.
CVSS Base Score: 7.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/132621 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)
CVEID: CVE-2017-15670
DESCRIPTION: GNU C Library is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the glob function in glob.c. By sending a specially-crafted string, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base Score: 7.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/133915 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVEID: CVE-2017-12132
DESCRIPTION: GNU C Library (aka glibc or libc6) could allow a remote attacker to conduct spoofing attacks, caused by a flaw in the DNS stub resolver. An attacker could exploit this vulnerability to perform off-path DNS spoofing attacks.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/129949 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVEID: CVE-2015-5180
DESCRIPTION: glibc is vulnerable to a denial of service, caused by a NULL pointer dereference in the res_query function in libresolv. By using a malformed pattern, a remote attacker could cause the process to crash.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/130620 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2014-9402
DESCRIPTION: glibc is vulnerable to a denial of service, caused by an error in the getanswer_r() function. If the DNS backend is activated, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/99289 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVEID: CVE-2017-16939
DESCRIPTION: Linux Kernel could allow a remote attacker to gain elevated privileges on the system, caused by a use-after-free in the Netlink socket subsystem XFRM. By sending a specially-crafted request, an attacker could exploit this vulnerability to gain privileges.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/135317 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2018-1740
DESCRIPTION: IBM Security Access Manager Appliance is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/148419 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
CVEID: CVE-2018-1814
DESCRIPTION: IBM Security Access Manager Appliance uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/150018 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2018-1803
DESCRIPTION: IBM Security Access Manager Appliance could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.
CVSS Base Score: 6.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/149702 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
CVEID: CVE-2018-1804
DESCRIPTION: IBM Security Access Manager Appliance does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques.
CVSS Base Score: 3.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/149703 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVEID: CVE-2018-1805
DESCRIPTION: IBM Security Access Manager Appliance generates an error message that includes sensitive information about its environment, users, or associated data.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/149704 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
CVEID: CVE-2018-1815
DESCRIPTION: IBM Security Access Manager for Enterprise Single-Sign On is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 6.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/150019 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
CVEID: CVE-2018-1813
DESCRIPTION: IBM Security Access Manager Appliance uses incomplete blocklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/150017 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)
CVEID: CVE-2016-3506
DESCRIPTION: An unspecified vulnerability in multiple Oracle products could allow an unauthenticated attacker to take control of the system.
CVSS Base Score: 8.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115131 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2018-1886
DESCRIPTION: IBM Security Access Manager Appliance discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/152021 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVEID: CVE-2018-1887
DESCRIPTION: IBM Security Access Manager Appliance contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/152078 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)
CVEID: CVE-2016-3092
DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by an error in the Apache Commons FileUpload component. By sending file upload requests, an attacker could exploit this vulnerability to cause the server to become unresponsive.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/114336 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2018-3646
DESCRIPTION: Multiple Intel CPUs could allow a local attacker to obtain sensitive information, caused by a flaw in the CPU speculative branch instruction execution feature. By conducting targeted cache side-channel attacks and via a terminal page fault, an attacker with guest OS privilege could exploit this vulnerability to leak information residing in the L1 data cache and read data belonging to different security contexts.
CVSS Base Score: 7.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/148319 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)
CVEID: CVE-2018-3620
DESCRIPTION: Multiple Intel CPUs could allow a local attacker to obtain sensitive information, caused by a flaw in the CPU speculative branch instruction execution feature. By conducting targeted cache side-channel attacks and via a terminal page fault, an attacker could exploit this vulnerability to leak information residing in the L1 data cache and read data belonging to different security contexts. Note: This vulnerability is also known as the "L1 Terminal Fault (L1TF)" or "Foreshadow" attack.
CVSS Base Score: 7.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/148318 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)
CVEID: CVE-2018-3639
DESCRIPTION: Multiple Intel CPUs could allow a local attacker to obtain sensitive information, caused by utilizing sequences of speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known. By conducting targeted cache side-channel attacks, an attacker could exploit this vulnerability to bypass security restrictions and gain read access to privileged memory. Note: This vulnerability is the Speculative Store Bypass (SSB), also known as Variant 4 or "SpectreNG".
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/143569 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)
CVEID: CVE-2017-3738
DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. An attacker could exploit this vulnerability to obtain information about the private key. Note: In order to exploit this vulnerability, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701.
CVSS Base Score: 3.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/136078 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)
CVEID: CVE-2017-3736
DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagation flaw in the x86_64 Montgomery squaring function bn_sqrx8x_internal(). An attacker with online access to an unpatched system could exploit this vulnerability to obtain information about the private key.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/134397 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Products and Versions
| Affected IBM Security Access Manager Appliance | Affected Versions |
| IBM Security Access Manager | 9.0.1.0 - 9.0.5.0 |
Remediation/Fixes
| Product | VRMF | APAR | Remediation |
| IBM Security Access Manager | 9.0.1.0 - 9.0.5.0 | - | 1. For versions prior to 9.0.6.0, upgrade to 9.0.6.0: |
Workarounds and Mitigations
None
References
Acknowledgement
IBM X-Force Ethical Hacking Team: Ron Craig, Warren Moynihan, Jonathan Fitz-Gerald, John Zuccato, Rodney Ryan, Chris Shepherd, Dmitriy Beryoza
Change History
11 December 2018: First Publish
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Internal Use Only
Fixes for the following Product Records
Document Information
Modified date: 09 January 2019
UID: ibm10787785