Dec 16, 2022 - 5:01 p.m.

Security Bulletin: Vulnerabilities in PHP may affect IBM Spectrum Sentinel Anomaly Scan Engine (CVE-2021-21703, CVE-2021-21708, CVE-2021-21707, CVE-2022-31629, CVE-2022-31628)

2022-12-16 17:01:05
www.ibm.com

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 6.9 Medium
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.006 Low
Percentile: 78.9%

Summary

Vulnerabilities in PHP may affect IBM Spectrum Sentinel Anomaly Scan Engine. The vulnerabilities could allow a remote attacker to execute arbitrary code or obtain sensitive information, allow a local authenticated attacker to gain elevated privileges on the system, and enable cross-site request forgery and denial of service.

Vulnerability Details

CVEID: CVE-2022-31628
**DESCRIPTION:** PHP is vulnerable to a denial of service, caused by a flaw in the phar uncompressor code. By using a specially-crafted gzip file, a local authenticated attacker could exploit this vulnerability to cause an infinite loop, resulting in a denial of service condition.
CVSS Base score: 2.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/237533 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2022-31629
**DESCRIPTION:** PHP is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to set a standard insecure cookie in the browser. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
CVSS Base score: 5.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/237534 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)

CVEID: CVE-2021-21708
**DESCRIPTION:** PHP could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause the application to crash.
CVSS Base score: 8.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/221046 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L)

CVEID: CVE-2021-21703
**DESCRIPTION:** PHP could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw when running PHP FPM SAPI with the main FPM daemon process running as root. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges as root.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/212017 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)

CVEID: CVE-2021-21707
**DESCRIPTION:** PHP could allow a remote attacker to obtain sensitive information, caused by a weakly configured XML parser. By using a specially-crafted filename containing a URL-encoded NUL character, an attacker could exploit this vulnerability to read a different file than intended, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/214167 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Affected Product(s) | Version(s)
---|---
IBM Spectrum Sentinel Anomaly Scan Engine | 1.1.0-1.1.1

Remediation/Fixes

IBM Spectrum Sentinel Anomaly Scan Engine | Fixing Level | Platform | Link to Fix and Instructions
---|---|---|---
1.1.0-1.1.1 | 1.1.2 | Linux | <https://www.ibm.com/support/pages/node/6841595>

Please refer to IBM Spectrum Copy Data Management security bulletins for the Spectrum Copy Data Management vulnerabilities.

Workarounds and Mitigations

None

CPE

Name | Operator | Version
---|---|---
ibm spectrum sentinel | eq | 1.1
