Security Bulletin: Multiple security vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak

Summary

LibTIFF is used by IBM Robotic Process Automation for Cloud Pak as part of the .NET Core and Watson NLP (CVE-2022-48281, CVE-2023-0800, CVE-2023-0801, CVE-2023-0802, CVE-2023-0803, CVE-2023-0804, ). ncurses is used by IBM Robotic Process Automation for Cloud Pak as part of base container images, WebSphere Liberty and Watson NLP. (CVE-2023-29491). Dmidecode is used by IBM Robotic Process Automation for Cloud Pak as part of base container images and WebSphere Liberty. (CVE-2023-30630). Hugging Face Transformers is used by IBM Robotic Process Automation for Cloud Pak as part of the Watson NLP. (CVE-2023-2800). systemd is used by IBM Robotic Process Automation for Cloud Pak as part of base container images and WebSphere Liberty. (CVE-2023-26604). Python is used by IBM Robotic Process Automation for Cloud Pak as part of Watson NLP. (CVE-2022-48566). ISC BIND is used by IBM Robotic Process Automation for Cloud Pak as part of anti virus services and Watson NLP. (CVE-2023-3341). cURL libcurl is used by IBM Robotic Process Automation for Cloud Pak as part of the base container images, WebSphere Liberty and Watson NLP. (CVE-2023-28321). cups-libs is used by IBM Robotic Process Automation for Cloud Pak as part of the Watson NLP. (CVE-2023-32360). dotnet-runtime-6.0 is used by IBM Robotic Process Automation for Cloud Pak as part of the .NET runtime. (CVE-2023-38171).

Vulnerability Details

CVEID:CVE-2022-48281
**DESCRIPTION:**LibTIFF is vulnerable to a denial of service, caused by a heap-based buffer overflow in the processCropSelections function in tools/tiffcrop.c. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/245201 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-29491
**DESCRIPTION:**ncurses is vulnerable to a denial of service, caused by a memory corruption flaw when used by a setuid application. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253259 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-0800
**DESCRIPTION:**LibTIFF is vulnerable to a denial of service, caused by a heap-based buffer overflow when processing TIFF files in extractContigSamplesShifted16bits in tools/tiffcrop.c. By persuading a victim to open a specially-crafted TIFF file, a remote attacker could overflow a buffer and cause a denial of service.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/247228 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H)

CVEID:CVE-2023-0801
**DESCRIPTION:**LibTIFF is vulnerable to a denial of service, caused by a heap-based buffer overflow when processing TIFF files in _TIFFmemcpy in libtiff/tif_unix.c. By persuading a victim to open a specially-crafted TIFF file, a remote attacker could overflow a buffer and cause a denial of service.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/247227 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H)

CVEID:CVE-2023-0802
**DESCRIPTION:**LibTIFF is vulnerable to a denial of service, caused by a heap-based buffer overflow when processing TIFF files in extractContigSamplesShifted32bits in tools/tiffcrop.c. By persuading a victim to open a specially-crafted TIFF file, a remote attacker could overflow a buffer and cause a denial of service.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/247225 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H)

CVEID:CVE-2023-0803
**DESCRIPTION:**LibTIFF is vulnerable to a denial of service, caused by a heap-based buffer overflow when processing TIFF files in extractContigSamplesShifted16bits in tiffcrop.c. By persuading a victim to open a specially-crafted TIFF file, a remote attacker could overflow a buffer and cause a denial of service.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/247224 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H)

CVEID:CVE-2023-0804
**DESCRIPTION:**LibTIFF is vulnerable to a denial of service, caused by a heap-based buffer overflow when processing TIFF files in extractContigSamplesShifted24bits in tools/tiffcrop.c. By persuading a victim to open a specially-crafted TIFF file, a remote attacker could overflow a buffer and cause a denial of service.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/247221 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H)

CVEID:CVE-2023-30630
**DESCRIPTION:**Dmidecode could allow a local authetnicated attacker to bypass security restrictions, caused by a flaw in the -dump-bin command. By sending a specially crafted request, an attacker could exploit this vulnerability to overwrite a local file.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253256 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L)

CVEID:CVE-2023-2800
**DESCRIPTION:**Hugging Face Transformers is vulnerable to a denial of service, caused by an insecure temporary file creation flaw in the tempfile.mktemp() function. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/255808 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-26604
**DESCRIPTION:**systemd could allow a local authenticated attacker to gain elevated privileges on the system, caused by the failure to set LESSSECURE to 1 in the configurations. By sending a specially crafted request, an attacker could exploit this vulnerability to gain root privileges on the system.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/249251 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H)

CVEID:CVE-2022-48566
**DESCRIPTION:**Python could allow a local authenticated attacker to obtain sensitive information, caused by a constant-time-defeating optimisations issue in the compare_digest function in Lib/hmac.py. By sending a specially crafted request using the accumulator variable in hmac.compare_digest, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/264548 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)

CVEID:CVE-2023-3341
**DESCRIPTION:**ISC BIND is vulnerable to a denial of service, caused by a stack exhaustion flaw in control channel code. By sending a specially crafted message over the control channel, a remote attacker could exploit this vulnerability to cause named to terminate.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/266515 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-28321
**DESCRIPTION:**cURL libcurl could allow a remote attacker to bypass security restrictions, caused by a flaw when listed as “Subject Alternative Name” in TLS server certificates. By sending a specially crafted request, an attacker could exploit this vulnerability to accept mismatch wildcard patterns.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/255625 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:CVE-2023-32360
**DESCRIPTION:**Apple macOS Big Sur could allow a local attacker to obtain sensitive information, caused by an authentication issue in the CUPS component. An attacker could exploit this vulnerability to obtain recently printed documents and use this information to launch further attacks against the affected system.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/255788 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:CVE-2023-38171
**DESCRIPTION:**Microsoft Windows is vulnerable to a denial of service, caused by a flaw in the QUIC component. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/267789 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now.

IBM Robotic Process Automation for Cloud Pak

| 23.0.0 - 23.0.11| Update to 23.0.12 or higher using the following instructions.

Workarounds and Mitigations

None