Lucene search

K
ibmIBM697411C1D0B6EAAD03E8D2A5EB53C7D54B1A12C31BE0CB63F6EA92666FE7AECA
HistoryNov 16, 2023 - 3:31 p.m.

Security Bulletin: IBM Planning Analytics Workspace is affected but not considered vulnerable to multiple vulnerabilities

2023-11-1615:31:12
www.ibm.com
23
ibm planning analytics workspace
multiple vulnerabilities
node.js
redis
netty
jszip
google guava
golang go
apache xalan java xslt

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.7%

Summary

IBM Planning Analytics Workspace is affected but not classified as vulnerable to multiple vulnerabilities based on current information, in the following 3rd-party components: Node.js word-wrap (CVE-2023-26115), Node.js semver (CVE-2022-25883), Node,js dicer, (CVE-2022-24434), Redis (CVE-2022-24736, CVE-2022-24735, CVE-2021-31294) Netty (CVE-2023-34462), JSZip (CVE-2022-48285), Google Guava (CVE-2023-2976, CVE-2020-8908), Golang GO (CVE-2023-29402, CVE-2023-29403, CVE-2023-29404, CVE-2023-29405) and Apache Xalan Java XSLT (CVE-2022-34169). These 3rd-party components were upgraded to non-vulnerable versions in IBM Planning Analytics Workspace 2.0.91.

Vulnerability Details

CVEID:CVE-2023-26115
**DESCRIPTION:**Node.js word-wrap module is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the result variable. By sending a specially crafted regex input, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/256901 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2022-24736
**DESCRIPTION:**Redis is vulnerable to a denial of service, caused by a NULL pointer dereference. By loading a specially crafted Lua script, a local authenticated attacker could exploit this vulnerability to cause a crash of the redis-server process.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/225345 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2022-24735
**DESCRIPTION:**Redis could allow a local authenticated attacker to execute arbitrary code on the system, caused by improper validation of user-supplied input by the Lua script execution environment. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code with the potentially higher privileges of another Redis user on the system.
CVSS Base score: 3.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/225346 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N)

CVEID:CVE-2023-34462
**DESCRIPTION:**Netty is vulnerable to a denial of service, caused by a flaw with allocating up to 16MB of heap for each channel during the TLS handshake the SniHandler class. By sending a specially crafted client hello packet, a remote authenticated attacker could exploit this vulnerability to cause a OutOfMemoryError and so result in a denial of service condition.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/258713 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-48285
**DESCRIPTION:**JSZip could allow a remote attacker to traverse directories on the system, caused by the failure to sanitize filenames when files are loaded with loadAsync, which makes the library vulnerable to a Zip Slip attack. By extracting files from a specially crafted archive, an attacker could gain access to parts of the file system outside of the target folder, overwrite the executable files and execute arbitrary commands on the system.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/244499 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID:CVE-2022-25883
**DESCRIPTION:**Node.js semver package is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the new Range function. By providing specially crafted regex input, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/258647 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2023-2976
**DESCRIPTION:**Google Guava could allow a local authenticated attacker to obtain sensitive information, caused by a flaw with using Java’s default temporary directory for file creation in FileBackedOutputStream. By sending a specially crafted request, an attacker could exploit this vulnerability to access the files in the default Java temporary directory, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/258199 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

CVEID:CVE-2023-29403
**DESCRIPTION:**Golang Go could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw when a binary is run with the setuid/setgid bits. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges. to read or write contents of the registers.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/257653 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2023-29404
**DESCRIPTION:**Golang Go could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when running “go get” on a malicious module. By sending a specially crafted request using linker flags, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/257654 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2023-29405
**DESCRIPTION:**Golang Go could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when running “go get” on a malicious module. By sending a specially crafted request using linker flags, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/257655 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2023-29402
**DESCRIPTION:**Golang Go could allow a remote attacker to execute arbitrary code on the system, caused by the generation of unexpected code at build time when using cgo. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/257652 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2022-24434
**DESCRIPTION:**Node.js dicer module is vulnerable to a denial of service. By sending a specially-crafted form to server, a remote attacker could exploit this vulnerability to crash the node.js service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/227085 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2020-8908
**DESCRIPTION:**Guava could allow a remote authenticated attacker to bypass security restrictions, caused by a temp directory creation vulnerability in com.google.common.io.Files.createTempDir(). By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass access restrictions.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/192996 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)

CVEID:CVE-2022-34169
**DESCRIPTION:**The Apache Xalan Java XSLT library could allow a remote attacker to execute arbitrary code on the system, caused by an integer truncation issue when processing malicious XSLT stylesheets. By using specially crafted XSLT stylesheets, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/231489 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID:CVE-2021-31294
**DESCRIPTION:**Redis is vulnerable to a denial of service, caused by an assertion failure. By sending a specially crafted psync command, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/262206 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Planning Analytics Workspace 2.0

Remediation/Fixes

It is strongly recommended that you apply the most recent security updates:

Affected Product(s) Version Fix
IBM Planning Analytics Workspace 2.0 Download IBM Planning Analytics Local v2.0: Planning Analytics Workspace Release 91 from Fix Central.

IBM Planning Analytics Workspace cloud environments have been remediated.

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmplanning_analytics_localMatchany
CPENameOperatorVersion
ibm planning analytics localeqany

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.7%