May 08, 2023 - 5:50 p.m.

Security Bulletin: Tensorflow is vulnerable to security CVEs used in IBM Maximo Application Suite - Monitor Component

2023-05-08 17:50:05
www.ibm.com
ibm maximo
monitor component
tensorflow
vulnerable
code execution
denial of service

CVSS2: 5.5
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:P

CVSS3: 8.1
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

EPSS: 0.003
Percentile: 68.9%

Summary

IBM Maximo Application Suite - Monitor Component uses TensorFlow, which is vulnerable to the CVEs listed below.

Vulnerability Details

CVEID: CVE-2022-23592
**DESCRIPTION:** TensorFlow could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a heap out-of-bounds read in the index.php script. An attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218901 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H)

CVEID: CVE-2022-23593
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by a flaw in the simplifyBroadcast function when called with scalar shapes. A remote attacker could exploit this vulnerability to cause a segmentation fault.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218895 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2022-29216
**DESCRIPTION:** TensorFlow could allow a local authenticated attacker to execute arbitrary code on the system, caused by a flaw in the saved_model_cli tool. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/227167 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2022-29208
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by incomplete validation in the tf.raw_ops.EditDistance implementation. A remote authenticated attacker could exploit this vulnerability to cause a segmentation fault.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/227127 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2022-29193
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by improper validation of user-supplied input by the tf.raw_ops.TensorSummaryV2 component. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/227075 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2022-29195
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by improper validation of user-supplied input by the tf.raw_ops.StagePeek component. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/227073 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2022-29196
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by improper validation of user-supplied input by the tf.raw_ops.Conv3DBackpropFilterV2 component. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/227072 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2022-29197
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by improper validation of user-supplied input by the tf.raw_ops.UnsortedSegmentJoin component. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/227071 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2022-29198
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by improper validation of user-supplied input by the tf.raw_ops.SparseTensorToCSRSparseMatrix component. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/227070 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2022-29199
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by improper validation of user-supplied input by the tf.raw_ops.LoadAndRemapMatrix component. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/227069 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2022-29194
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by improper validation of user-supplied input by the tf.raw_ops.DeleteSessionTensor component. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/227074 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2022-29192
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by improper validation of user-supplied input by the tf.raw_ops.QuantizeAndDequantizeV4Grad component. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/227076 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2022-29191
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by improper validation of user-supplied input by the tf.raw_ops.GetSessionTensor component. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/227077 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2022-29200
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by improper validation of user-supplied input by the tf.raw_ops.LSTMBlockCell component. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/227068 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2022-29201
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by missing validation in the tf.raw_ops.QuantizedConv2D implementation. A local authenticated attacker could exploit this vulnerability to cause undefined behavior.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/227153 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2022-29202
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by lack of validation in the tf.ragged.constant implementation. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/227152 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2022-29203
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by an integer overflow in SpaceToBatchND. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/227151 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2022-29204
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by missing validation in the tf.raw_ops.UnsortedSegmentJoin implementation. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/227150 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2022-29205
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by a NULL pointer dereference in ParseDimensionValue in the py_value argument. By calling tf.compat.v1.* ops which do not support quantized types, a local authenticated attacker could exploit this vulnerability to cause a segmentation fault.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/227130 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2022-29206
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by missing validation in the tf.raw_ops.SparseTensorDenseAdd implementation. A local authenticated attacker could exploit this vulnerability to cause undefined behavior.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/227129 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2022-29207
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by undefined behavior when users supply invalid resource handles. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/227128 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2022-29209
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by incorrect logic when comparing size_t and int values in the macros for writing assertions. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/227126 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2022-29211
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by improper input validation in the tf.histogram_fixed_width implementation when the values array contains NaN elements. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/227112 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2022-29212
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by an assertion failure when loading TFLite models in the TFLite interpreter. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/227111 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2022-29213
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by improper input validation in tf.compat.v1.signal.rfft2d and tf.compat.v1.signal.rfft3d. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/227110 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Maximo Application Suite - Monitor Component | 8.8 |

Remediation/Fixes

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Maximo Application Suite - Monitor Component | 8.9 or latest (available from the Catalog under Update Available) |

Workarounds and Mitigations

None

Affected configurations

Vulners node: ibm maximo_application_suite, match 8.8
