IBM469CFBD132683CE047E03AE6F44D1B5FD559871BAEEC4425D934F770CFA4DBF3Security Bulletin: IBM Tealeaf Customer Experience PCA Web UI PHP security issues
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
Summary
The IBM Tealeaf Customer Experience PCA Web UI uses a version of PHP with reported security issues.
Vulnerability Details
CVEID: CVE-2015-0273**
DESCRIPTION:** PHP could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error in unserialize() with DateTimeZone. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101192 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVEID: CVE-2015-2783**
DESCRIPTION:** PHP could allow a remote attacker to obtain sensitive information, caused by a buffer over-read in the unserialize function. By persuading a victim to open a specially-crafted phar file, an attacker could exploit this vulnerability to leak memory on the system.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102411 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVEID: CVE-2015-2787**
DESCRIPTION:** PHP could allow a remote attacker to execute arbitrary code on the system, caused by an use-after-free error in the unserialize() function. By abusing the defined __wakeup() magic method, an attacker could exploit this vulnerability to execute arbitrary PHP code on the system.
CVSS Base Score: 6.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101822 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVEID: CVE-2015-3411**
DESCRIPTION:** PHP could allow a remote attacker to bypass security restrictions, caused by the failure to properly handle file names containing a NULL character. An attacker could exploit this vulnerability using a path name containing null characters to bypass file system access restrictions.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/104108 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVEID: CVE-2015-3412**
DESCRIPTION:** PHP could allow a remote attacker to bypass security restrictions, caused by the failure to properly handle file names containing a NULL character. An attacker could exploit this vulnerability using a path name containing null characters to bypass file system access restrictions.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/104109 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVEID: CVE-2015-4024**
DESCRIPTION:** PHP is vulnerable to a denial of service, caused by an error when parsing malicious requests. By sending a specially-crafted HTTP POST request, an attacker could exploit this vulnerability to consume all available CPU resources.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com//vulnerabilities/103516 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVEID: CVE-2015-4025**
DESCRIPTION:** PHP could allow a remote attacker to bypass security restrictions, caused by the acceptance of a NULL value in a path by the set_include_path(), tempnam(), rmdir(), and readlink() functions. By sending a specially-crafted value, an attacker could exploit this vulnerability to bypass security controls.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com//vulnerabilities/103514 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVEID: CVE-2015-4598**
DESCRIPTION:** PHP could allow a remote attacker to bypass security restrictions, caused by the failure to properly handle file names containing a NULL character. An attacker could exploit this vulnerability using a path name containing null characters to bypass file system access restrictions.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/104110 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVEID: CVE-2015-4642**
DESCRIPTION:** PHP could allow a remote attacker to execute arbitrary commands on the system, caused by an error in escapeshellarg. An attacker could exploit this vulnerability to inject and execute arbitrary commands on the system.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/103925 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVEID: CVE-2015-6831**
DESCRIPTION:** PHP could allow a remote attacker to execute arbitrary code on the system, caused by an use-after-free error in the unserialize() with SplDoublyLinkedList. By abusing the object, an attacker could exploit this vulnerability to execute arbitrary PHP code on the system.
CVSS Base Score: 7.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/106210 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVEID: CVE-2015-6834**
DESCRIPTION:** PHP could allow a remote attacker to execute arbitrary code on the system, caused by an use-after-free error in the unserialize() function with SplObjectStorage and SplDoublyLinkedList. An attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 7.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/106363 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVEID: CVE-2015-6835**
DESCRIPTION:** PHP could allow a remote attacker to execute arbitrary code on the system, caused by an use-after-free error in the session deserializer. An attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 7.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/106364 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVEID: CVE-2015-6837**
DESCRIPTION:** PHP could allow a remote attacker to execute arbitrary code on the system, caused by a NULL pointer dereference error. By sending specially crafted XSLT data, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 7.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/106366 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVEID: CVE-2015-6838**
DESCRIPTION:** PHP could allow a remote attacker to execute arbitrary code on the system, caused by a NULL pointer dereference error. By sending specially crafted XSLT data, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 7.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/106367 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Affected Products and Versions
IBM Tealeaf Customer Experience v8.0-v9.0.2
Remediation/Fixes
Product
|
VRMF
|
Remediation/First Fix
—|—|—
IBM Tealeaf Customer Experience
|
9.0.2A
IBM Tealeaf Customer Experience
|
9.0.2
IBM Tealeaf Customer Experience
|
9.0.1A
IBM Tealeaf Customer Experience
|
9.0.1
IBM Tealeaf Customer Experience
|
9.0.0, 9.0.0A
| You can contact the Technical Support team for guidance.
IBM Tealeaf Customer Experience
|
8.8
IBM Tealeaf Customer Experience
|
8.7
IBM Tealeaf Customer Experience
|
8.6 and earlier
| You can contact the Technical Support team for guidance.
For v9.0.0, 9.0.0A, and versions before v8.7, IBM recommends upgrading to a later supported version of the product.
Workarounds and Mitigations
You can contact the Technical Support team for further guidance.
| CPE | Name | Operator | Version |
|---|---|---|---|
| tealeaf customer experience | eq | any |
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C