IBM282DD93A6E3023292EEECC5D5C71E8CA4F4BFF5C0BD568E1D9B9FF7EF5FE7E01Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from Expat, SQlite, libxml2, Libksba, zlib and GnuTLS
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.006 Low
EPSS
Percentile
79.0%
Summary
Multiple issues were identified in Red Hat UBI (ubi8/ubi-minimal) v8.6-x packages Expat, SQlite, libxml2, Libksba, zlib and GnuTLS that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. These vulnerabilities have been addressed.
Vulnerability Details
CVEID:CVE-2022-23990
**DESCRIPTION:**Expat (aka libexpat) could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the doProlog function. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218206 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID:CVE-2020-35525
**DESCRIPTION:**SQlite is vulnerable to a denial of service, caused by a NULL pointer derreference flaw in the INTERSEC query processing. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/235225 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID:CVE-2020-35527
**DESCRIPTION:**SQlite could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds memory access flaw through ALTER TABLE for views that have a nested FROM clause… By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/235226 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID:CVE-2016-3709
**DESCRIPTION:**GNOME libxml2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the KippoInput.class.php script. A remote attacker could exploit this vulnerability using the $file_link parameter to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base score: 7.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/232446 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N)
CVEID:CVE-2022-40674
**DESCRIPTION:**libexpat could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in the doContent function in xmlparse.c. An attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/236116 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID:CVE-2022-3515
**DESCRIPTION:**GnuPG Libksba could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the CRL parser. By sending a specially-crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/239062 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID:CVE-2022-37434
**DESCRIPTION:**zlib is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by inflate in inflate.c. By using a large gzip header extra field, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/232849 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVEID:CVE-2022-2509
**DESCRIPTION:**GnuTLS is vulnerable to a denial of service, caused by a double free flaw during the verification of pkcs7 signatures in gnutls_pkcs7_verify function. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/232507 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM MQ Operator | LTS release 2.0.4 and CD release 2.1 |
| IBM supplied MQ Advanced container images | 9.3.0.1-r2 , 9.3.1.0-r1 and prior releases. |
Remediation/Fixes
Issues listed by this security bulletin are addressed in IBM MQ Operator 2.2.0 CD release that included IBM supplied MQ Advanced 9.3.1.0-r2 container images and IBM MQ Operator 2.0.5 LTS release that included IBM supplied MQ Advanced 9.3.0.1-r3 container images.
IBM MQ Operator 2.2.0 CD release details:
| Image | Fix Version | Registry | Image Location |
|---|---|---|---|
| ibm-mq-operator | 2.2.0 | icr.io | icr.io/cpopen/ibm-mq-operator@sha256:6a8c8be20a4bf86af5956b6398026c5fd383a60451c8a82099d6bca7fc33c577 |
| ibm-mqadvanced-server | 9.3.1.0-r2 | cp.icr.io | cp.icr.io/cp/ibm-mqadvanced-server@sha256:206056d4ee3a069f8bd5d37e5a7330c638c569e0e10fd77c969c54ddb9edbbef |
| ibm-mqadvanced-server-integration | 9.3.1.0-r2 | cp.icr.io | cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:c80fabcb6946283399d0692045a00ce68390d6aa30a5f7de383438098a02846c |
| ibm-mqadvanced-server-dev | 9.3.1.0-r2 | icr.io | icr.io/ibm-messaging/mq@sha256:ca3e4118c147ed30afd3e1c7ae0eacf7dbef3b79717e6a31d4a2c5795b9d60ac |
IBM MQ Operator 2.0.5 LTS release details:
| Image | Fix Version | Registry | Image Location |
|---|---|---|---|
| ibm-mq-operator | 2.0.5 | icr.io | icr.io/cpopen/ibm-mq-operator@sha256:c1ae1c30ee06c60c2d82933f7ccfbe7b598eec8bd12f9c9619d6ef761b85c462 |
| ibm-mqadvanced-server | 9.3.0.1-r3 | cp.icr.io | cp.icr.io/cp/ibm-mqadvanced-server@sha256:474a05145d69fbcd948bea2162865aa4c6563de60b1273e43cd988aa8c8f97eb |
| ibm-mqadvanced-server-integration | 9.3.0.1-r3 | cp.icr.io | cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:dcede4530546017be9066124aa90c702c8ff1616050e9269a643096b4018803f |
| ibm-mqadvanced-server-dev | 9.3.0.1-r3 | icr.io | icr.io/ibm-messaging/mq@sha256:e3e1bb84dc8fe7d149aa18723883d542cb0e090e292ecdfc3f250593b41fd94c |
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm mq certified container software | eq | 2.2.0 | |
| ibm mq certified container software | eq | 2.0.5 |
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.006 Low
EPSS
Percentile
79.0%