IBM10A1424787AB360D8DA17E0F4180FD1B3C456987BA37613E7E13EE950521FF97Security Bulletin: Multiple Security Vulnerabilities were identified in IBM Security Verify Access.
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.774 High
EPSS
Percentile
98.2%
Summary
There were multiple Security Vulnerabilities that were reported against IBM Security Verify Access. These have been addressed in IBM Security Verify Access 10.0.7.0
Vulnerability Details
CVEID:CVE-2022-45688
**DESCRIPTION:**Hutool is vulnerable to a denial of service, caused by stack-based buffer overflow. By persuading a specially crafted request, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/242881 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID:CVE-2023-1370
**DESCRIPTION:**netplex json-smart-v2 is vulnerable to a denial of service, caused by not limiting the nesting of arrays or objects. By sending a specially crafted input, a remote attacker could exploit this vulnerability to cause a stack exhaustion and crash the software.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/249885 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID:CVE-2019-18276
**DESCRIPTION:**GNU Bash could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw in the disable_priv_mode in shell.c. By sending a specially-crafted command, an attacker could exploit this vulnerability to escalate privileges.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/172331 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVEID:CVE-2023-39417
**DESCRIPTION:**PostgreSQL could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in the extension script. By sending a specially crafted request using @extowner@, @extschema@, or @extschema:…@ inside a quoting construct, an attacker could exploit this vulnerability to execute arbitrary code as the bootstrap superuser.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/263270 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H)
CVEID:CVE-2023-2454
**DESCRIPTION:**PostgreSQL could allow a local authenticated attacker to execute arbitrary code on the system, caused by a flaw in CREATE SCHEMA … schema_element. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code as the bootstrap superuser on the system.
CVSS Base score: 6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/256215 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N)
CVEID:CVE-2022-2625
**DESCRIPTION:**PostgreSQL could allow a remote authenticated attacker to execute arbitrary code on the system, caused by improper control of the modification of dynamically-determined object attributes. By creating a specially-crafted object using at least one schema, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/233970 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H)
CVEID:CVE-2023-40225
**DESCRIPTION:**HAProxy is vulnerable to HTTP response splitting attacks, caused by an interpretation conflict. A remote attacker could exploit this vulnerability using empty Content-Length headers and cause the server to return a split response once the URL is clicked. This would allow the attacker to perform further attacks, such as cache poisoning, cross-site scripting, session hijacking, and possibly obtain sensitive information.
CVSS Base score: 7.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/263202 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N)
CVEID:CVE-2020-11100
**DESCRIPTION:**HAProxy could allow remote authenticated attacker to execute arbitrary code on the system, caused by an error in hpack_dht_insert in hpack-tbl.c in the HPACK decoder. By sending a specially crafted HTTP/2 request, an attacker could exploit this vulnerability to write arbitrary bytes around a certain location on the heap.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/179260 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVEID:CVE-2019-14241
**DESCRIPTION:**HAProxy is vulnerable to a denial of service, caused by a flaw in htx_manage_client_side_cookies in proto_htx.c. A local attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/164176 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID:CVE-2019-18277
**DESCRIPTION:**HAProxy could provide weaker than expected security, caused by a flaw in the legacy mode. A remote attacker could exploit this vulnerability to launch an HTTP request smuggling attack.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169992 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVEID:CVE-2023-24998
**DESCRIPTION:**Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the number of request parts to be processed in the file upload function. By sending a specially-crafted request with series of uploads, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/247895 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID:CVE-2015-5237
**DESCRIPTION:**Google Protocol Buffers could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in MessageLite::SerializeToString. A remote attacker could exploit this vulnerability to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base score: 6.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/105989 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)
CVEID:CVE-2023-32697
**DESCRIPTION:**SQLite JDBC could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw when JDBC url is attacker controlled. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/256159 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVEID:CVE-2022-1471
**DESCRIPTION:**SnakeYaml could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the Constructor class. By using a specially-crafted yaml content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 8.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/241118 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L)
CVEID:CVE-2023-25725
**DESCRIPTION:**HAProxy is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP/1 header. By sending a specially-crafted HTTP request header, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/247552 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVEID:CVE-2017-18342
**DESCRIPTION:**PyYAML could allow a remote attacker to execute arbitrary code on the system, caused by the failure to use yaml.safe_load in the yaml.load() API. An attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/145675 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID:CVE-2019-19330
**DESCRIPTION:**A mishandling of headers error in HTTP/2 implementation in HAProxy has an unknown impact via carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka Intermediary Encapsulation Attacks.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/172250 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVEID:CVE-2022-41862
**DESCRIPTION:**PostgreSQL could allow a remote attacker to obtain sensitive information, caused by a client memory disclosure flaw. By sending an unterminated string during the establishment of Kerberos transport encryption, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/248100 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVEID:CVE-2023-2455
**DESCRIPTION:**PostgreSQL could allow a local authenticated attacker to bypass security restrictions, caused by a flaw with row security policies disregard user ID changes after inlining. By sending a specially crafted request, an attacker could exploit this vulnerability to allow incorrect policies to be applied.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/256218 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Security Verify Access Appliance | 10.0.0.0 - 10.0.6.1 |
| IBM Security Verify Access Docker | 10.0.0.0 - 10.0.6.1 |
Remediation/Fixes
IBM encourages customers to update their systems promptly.
IBM Security Verify Access (Docker Container)
- Obtain the latest version of the container by running the command “docker pull icr.io/isva/verify-access:[tag]”
Where [tag] is the latest published version and can be confirmed here.
For the ISAM/ISVA appliances
- Obtain the latest version by obtaining the fix at the location shown below:
Affected Products and Versions
|
Fix availability
—|—
IBM Security Verify Access 10.0.0.0
|
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm security verify access appliance | eq | 10.0.0.0 | |
| ibm security verify access appliance | eq | 10.0.6.1 |
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.774 High
EPSS
Percentile
98.2%