Security Bulletin: API Connect's Developer Portal is impacted by vulnerabilities in PHP

Summary

IBM API Connect has addressed the following vulnerability.

Vulnerability Details

CVEID:CVE-2019-11035
**DESCRIPTION:**PHP could allow a remote attacker to obtain sensitive information, caused by heap-based buffer overflow in the exif_iif_add_value function in the EXIF extension. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service condition.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/159896 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H)

CVEID:CVE-2019-9022
**DESCRIPTION:**PHP could allow a remote attacker to obtain sensitive information, caused by a flaw in the dns_get_record function. By sending a specially-crafted DNS response, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/157969 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:CVE-2019-11042
**DESCRIPTION:**PHP could allow a remote attacker to obtain sensitive information, caused by a heap-based buffer overflow in the exif_read_data function. By persuading a victim to open a specially-crafted content, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service condition on the system.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/167296 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H)

CVEID:CVE-2019-9024
**DESCRIPTION:**PHP could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in xmlrpc_decode() function. By using specially-crafted input, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/157967 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:CVE-2018-20783
**DESCRIPTION:**GAIN Electronic SAGA1-L8B could allow a remote attacker to bypass security restrictions, caused by an improper access control flaw. An attacker could exploit this vulnerability to force-pair the device.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/151856 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2019-9640
**DESCRIPTION:**PHP could allow a remote attacker to execute arbitrary code on the system, caused by an invalid read flaw in the exif_process_SOFn method. An attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/158120 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2019-9023
**DESCRIPTION:**PHP could allow a remote attacker to execute arbitrary code on the system, caused by a number of heap-based buffer over-read instances in mbstring regular expression functions. By sending a specially crafted argument, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/157968 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2019-11036
**DESCRIPTION:**PHP EXIF extension could allow a remote attacker to obtain sensitive information, caused by a heap-based buffer overflow in the exif_process_IFD_TAG function. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service condition on the system.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/160574 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)

CVEID:CVE-2019-11040
**DESCRIPTION:**PHP could allow a remote attacker to obtain sensitive information, caused by a heap-based buffer overflow in the exif_read_data function. By persuading a victim to open a specially-crafted content, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service condition on the system.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/161868 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H)

CVEID:CVE-2019-9639
**DESCRIPTION:**PHP could allow a remote attacker to execute arbitrary code on the system, caused by an uninitialized read flaw in the exif_process_IFD_in_MAKERNOTE method. An attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/158119 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2019-11039
**DESCRIPTION:**PHP is vulnerable to a denial of service, caused by an out-of-bounds read in the _php_iconv_mime_decode function in iconv.c. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the application to crash or obtain sensitive information.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/161867 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)

CVEID:CVE-2019-11038
**DESCRIPTION:**PHP could allow a remote attacker to obtain sensitive information, caused by an uninitialized read in the gdImageCreateFromXbm function. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/161866 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID:CVE-2019-9638
**DESCRIPTION:**PHP could allow a remote attacker to execute arbitrary code on the system, caused by an uninitialized read flaw in the exif_process_IFD_in_MAKERNOTE method. An attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/158118 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2019-11041
**DESCRIPTION:**PHP could allow a remote attacker to obtain sensitive information, caused by a heap-based buffer overflow in the exif_read_data function. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service condition on the system.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/167295 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H)

CVEID:CVE-2019-11034
**DESCRIPTION:**PHP could allow a remote attacker to obtain sensitive information, caused by heap-based buffer overflow in the exif_process_IFD_TAG function in the EXIF extension. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service condition.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/159895 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H)

CVEID:CVE-2019-9021
**DESCRIPTION:**PHP could allow a remote attacker to execute arbitrary code on the system, caused by a heap-based buffer over-read in PHAR reading functions in the PHAR extension. By sending a specially crafted argument, an attacker could exploit this vulnerability to read allocated or unallocated memory past the actual data and execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/157974 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2019-9020
**DESCRIPTION:**PHP could allow a remote attacker to execute arbitrary code on the system, caused by a heap out of bounds read in the function xmlrpc_decode(). An attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/157975 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2019-9637
**DESCRIPTION:**PHP could allow a remote attacker to obtain sensitive information, caused by a flaw in the implementation of rename function. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/158117 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID:CVE-2019-6977
**DESCRIPTION:**LibGD is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by gd_color_match.c. By persuading a victim to open a specially-crafted image data, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/156217 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

Affected Products and Versions

Remediation/Fixes

LI81270

|

Addressed in IBM API Connect v2018.4.1.10.

Developer Portal is impacted.

Follow this link and find the “Portal” package appropriate for your installation.

http://www.ibm.com/support/fixcentral/swg/quickorder

Workarounds and Mitigations

None