Security Bulletin: Multiple security vulnerabilities affect IBM Robotic Process Automation

Summary

Python, Apache Spark, Tensorflow and Traefik contain multiple vulnerabilities and are used by IBM Robotic Process Automation as part of Watson NLP (CVE-2022-40898, CVE-2023-22946, CVE-2023-25658, CVE-2023-25659, CVE-2023-25660, CVE-2023-25661, CVE-2023-25662, CVE-2023-25663, CVE-2023-25664, CVE-2023-25665, CVE-2023-25666, CVE-2023-25667, CVE-2023-25668, CVE-2023-25669, CVE-2023-25670, CVE-2023-25671, CVE-2023-25672, CVE-2023-25673, CVE-2023-25674, CVE-2023-25675, CVE-2023-25676, CVE-2023-25801, CVE-2023-27579, CVE-2023-29013).

Vulnerability Details

CVEID:CVE-2022-40898
**DESCRIPTION:**Python Packaging Authority (PyPA) Wheel is vulnerable to a denial of service. A remote attacker could exploit this vulnerability using the WHEEL_INFO_RE regular expression to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/243027 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-22946
**DESCRIPTION:**Apache Spark could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw when using spark-submit. By providing specially crafted configuration-related classes on the classpath, an authenticated attacker could exploit this vulnerability to execute arbitrary code with the privileges of the submitting user…
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/252824 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2023-25658
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by an out-of-bounds read in GRUBlockCellGrad. A remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/251019 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-25659
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by an out-of-bounds read when the indices parameter in DynamicStitch does not match the data parameter. A remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/251018 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-25660
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a segmentation fault when the summarize parameter in tf.raw_ops.Print is zero. A remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/251017 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-25661
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by improper input validation by the Convolution3DTranspose function. By sending a specially crafted input, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition on ML cloud services.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/251123 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-25662
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by an integer overflow in EditDistance. A remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/251016 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-25663
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a NULL pointer dereference in the Lookup function when ctx->step_containter() is a NULL pointer. A remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/251015 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-25664
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a heap-based buffer overflow in TAvgPoolGrad. A remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/251014 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-25665
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a NULL pointer dereference when SparseSparseMaximum is given invalid sparse tensors as inputs. A remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/251013 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-25666
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a floating point exception in AudioSpectrogram. A remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/251012 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-25667
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by an integer overflow when 2^31 <= num_frames * height * width * channels < 2^32. A remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/251011 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-25668
**DESCRIPTION:**TensorFlow could allow a remote attacker to execute arbitrary code on the system, caused by a heap-based buffer overflow. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/251008 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2023-25669
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a floating point exception in tf.raw_ops.AvgPoolGrad when the stride and window size are not positive. A remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/251007 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-25670
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a NULL pointer dereference in QuantizedMatMulWithBiasAndDequantize when MKL is enabled. A remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/251005 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-25671
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by an out-of-bounds read in ValueMap::Manager::GetValueOrCreatePlaceholder. A remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/251004 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-25672
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a NULL pointer dereference in tf.raw_ops.LookupTableImportV2. By sending a specially-crafted request using the values parameter, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/251002 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-25673
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a floating point exception in TensorListSplit when XLA is enabled. A remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/251001 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-25674
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a NULL pointer dereference in RandomShuffle when XLA is enabled. A remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/251000 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-25675
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a segmentation fault in tf.raw_ops.Bincount when running XLA. By sending a specially-crafted request using the weights parameter, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/250998 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-25676
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a NULL pointer dereference in tf.raw_ops.ParallelConcat when running XLA. By sending a specially-crafted request using the shape parameter, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/250996 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-25801
**DESCRIPTION:**TensorFlow could allow a local attacker to execute arbitrary code on the system, caused by a double-free in nn_ops.fractional_avg_pool_v2 and nn_ops.fractional_max_pool_v2. By sending a specially-crafted request using the pooling_ratio parameter, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/250995 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H)

CVEID:CVE-2023-27579
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a floating point exception when a tflite model with a paramater filter_input_channel of less than 1 is constructed. A remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/251021 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-29013
**DESCRIPTION:**Traefik is vulnerable to a denial of service, caused by a flaw in HTTP header parsing. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/252995 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H)

Affected Products and Versions

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now.

IBM Robotic Process Automation for Cloud Pak

| 23.0.0 - 23.0.8 | Update to 23.0.9 or higher using the following instructions.

Workarounds and Mitigations

None.