IBM8B02A952478468CAFF45ECD34A51EB0DF47F84879132BEC4612B8107733B27FFSecurity Bulletin: TADDM affected by vulnerabilities in UnZip.
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.002 Low
EPSS
Percentile
53.5%
Summary
UnZip.exe is used by IBM Tivoli Application Dependency Discovery Manager and is vulnerable to CVE-2021-4217, CVE-2022-0529, CVE-2022-0530 (Publicly disclosed vulnerabilities)
Vulnerability Details
CVEID:CVE-2021-4217
**DESCRIPTION:**Info-ZIP UnZip could allow a remote attacker to execute arbitrary code on the system, caused by a NULL pointer dereference flaw in the handling of Unicode strings. By persuading a victim to open a specially-crafted .zip file, an attacker could exploit this vulnerability to execute arbitrary code or cause the system to crash.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/234332 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID:CVE-2022-0529
**DESCRIPTION:**Unzip could allow a remote attacker to execute arbitrary code on the system, caused by a heap out-of-bounds write during the conversion of a wide string to a local string. By persuading a victim to open a specially-crafted zip file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219388 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID:CVE-2022-0530
**DESCRIPTION:**Unzip could allow a remote attacker to execute arbitrary code on the system, caused by a segmentation fault during the conversion of an utf-8 string to a local string. By persuading a victim to open a specially-crafted zip file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219387 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Tivoli Application Dependency Discovery Manager | 7.3.0.0 -7.3.0.9 |
Remediation/Fixes
TADDM FixPack 7.3.0.10 has been released, Please upgrade to 7.3.0.10 to resolve all known UnZip.exe vulnerabilities at the date of release.
In TADDM FixPack 7.3.0.10, PowerShell 5.1 or later has replaced the UnZip.exe and its functionalities.
This scenario is valid for Windows Discovery Server and Windows Anchor, and functionality can be accessed as per below command:
“Expand-Archive -Path <zip path> -DestinationPath <path>”
Please refer to below URL to download TADDM FixPack 7.3.0.10 for more information.
| Fix | How to acquire fix |
|---|---|
| 7.3-TIV-ITADDM-FP00010 | Download FixPack |
Please refer to below URL for TADDM FixPack 7.3.0.10 for more information.
<https://www.ibm.com/docs/en/taddm/7.3.0?topic=release-notes#relnotes__fp10>
Workarounds and Mitigations
None
Related
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.002 Low
EPSS
Percentile
53.5%