## Summary
An information disclosure vulnerability in Kubernetes used by IBM InfoSphere Information Server was addressed.
## Vulnerability Details
**CVEID:** [CVE-2021-25740](<https://vulners.com/cve/CVE-2021-25740>)
**DESCRIPTION:** Kubernetes could allow a remote authenticated attacker to obtain sensitive information, caused by a confused deputy attack. By sending a specially-crafted request to create or edit Endpoints or EndpointSlices in the Kubernetes API, an attacker could exploit this vulnerability to obtain backend IP information, and use this information to launch further attacks against the affected system.
CVSS Base score: 3.1
CVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/205570](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205570>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)
## Affected Products and Versions
Affected Product(s)| Version(s)
---|---
InfoSphere Information Server, Information Server on Cloud| 11.7
Note: New suite installations of Information Server 11.7.1.4 are not vulnerable but installations upgraded to 11.7.1.4 may be vulnerable.
## Remediation/Fixes
None
## Workarounds and Mitigations
You can check whether your installation is affected by running the following command:

    $ if kubectl get clusterrole system:aggregate-to-edit -oyaml | grep -q endpoints; then echo 'Affected'; else echo 'Not affected'; fi

Run the following commands to apply the fix:

    $ kubectl get clusterrole system:aggregate-to-edit -oyaml > /tmp/aggregate-to-edit-role.bak
    $ sed '/endpoints/d' /tmp/aggregate-to-edit-role.bak | kubectl replace -f -

The commands need only be applied once; the effect is not affected when subsequent patches are installed.
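
The check and the `sed` filter above can be rehearsed offline before touching the cluster. The following is an added example, not part of IBM's bulletin: it runs the same `grep` and `sed` expressions over constructed ClusterRole manifests and adds a preview step that lists the lines the fix would delete and flags any match that is not a plain resource-list entry. The function names and both sample manifests are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: dry-run of the bulletin's check and fix on constructed manifests.
# All function names are hypothetical; no cluster or kubectl is needed.

# Constructed ClusterRole in the block style that `kubectl get -oyaml` emits.
sample_role() {
cat <<'EOF'
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: system:aggregate-to-edit
rules:
- apiGroups:
  - ""
  resources:
  - configmaps
  - endpoints
  - services
  verbs:
  - create
  - delete
  - patch
  - update
EOF
}

# Constructed variant: the same role after `kubectl apply`, which stores the
# applied manifest as one long JSON line in an annotation.
sample_role_applied() {
sample_role | sed -n '1,3p'
cat <<'EOF'
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"kind":"ClusterRole","rules":[{"resources":["configmaps","endpoints"]}]}
EOF
sample_role | sed -n '4,$p'
}

# Same test as the bulletin's check, reading the manifest from stdin.
role_status() {
  if grep -q endpoints; then echo 'Affected'; else echo 'Not affected'; fi
}

# Same filter as the bulletin's fix, reading the manifest from stdin.
strip_endpoints() {
  sed '/endpoints/d'
}

# Preview: print every line the filter would delete, with its line number.
# Returns 1 when a matching line is anything other than a single-token block
# list item such as "  - endpoints", because deleting it would remove more
# than one resource entry and the result should be reviewed by hand.
preview_fix() {
  matched=$(grep -n endpoints) || { echo 'nothing to remove'; return 0; }
  printf '%s\n' "$matched"
  if printf '%s\n' "$matched" | sed 's/^[0-9]*://' |
     grep -Evq '^[[:space:]]*-[[:space:]]+[^[:space:]:]+[[:space:]]*$'; then
    echo 'WARNING: a matching line is not a plain list entry; review before replacing' >&2
    return 1
  fi
  return 0
}

# Demo on the constructed manifests.
sample_role | role_status
sample_role | preview_fix
sample_role | strip_endpoints | role_status
sample_role_applied | preview_fix || echo 'manual review needed for the applied variant'
```

On a live cluster, `preview_fix` can read the backup file written by the first fix command before the `sed ... | kubectl replace -f -` step is run.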
\nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/246615](<https://exchange.xforce.ibmcloud.com/vulnerabilities/246615>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2023-0215](<https://exchange.xforce.ibmcloud.com/vulnerabilities/246614>) \n** DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a use-after-free error related to the incorrect handling of streaming ASN.1 data by the BIO_new_NDEF function. A remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/246614](<https://exchange.xforce.ibmcloud.com/vulnerabilities/246614>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2023-0286](<https://exchange.xforce.ibmcloud.com/vulnerabilities/246611>) \n** DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a type confusion error related to X.400 address processing inside an X.509 GeneralName. By passing arbitrary pointers to a memcmp call, a remote attacker could exploit this vulnerability to read memory contents or cause a denial of service. \nCVSS Base score: 8.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/246611](<https://exchange.xforce.ibmcloud.com/vulnerabilities/246611>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H) \n \n** CVEID: **[CVE-2023-23916](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247437>) \n** DESCRIPTION: **cURL libcurl is vulnerable to a denial of service, caused by a flaw in the decompression chain implementation. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause memory errors, and results in a denial of service condition. 
\nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/247437](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247437>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2023-26115](<https://exchange.xforce.ibmcloud.com/vulnerabilities/256901>) \n** DESCRIPTION: **Node.js word-wrap module is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the result variable. By sending a specially crafted regex input, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/256901](<https://exchange.xforce.ibmcloud.com/vulnerabilities/256901>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-45688](<https://exchange.xforce.ibmcloud.com/vulnerabilities/242881>) \n** DESCRIPTION: **Hutool is vulnerable to a denial of service, caused by stack-based buffer overflow. By persuading a specially crafted request, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/242881](<https://exchange.xforce.ibmcloud.com/vulnerabilities/242881>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-22145](<https://exchange.xforce.ibmcloud.com/vulnerabilities/206021>) \n** DESCRIPTION: **Elastic Elasticsearch could allow a remote authenticated attacker to obtain sensitive information, caused by an out-of-bounds read flaw in the error reporting feature. 
By sending a specially-crafted query, an attacker could exploit this vulnerability to obtain sensitive information from a data buffer, and use this information to launch further attacks against the affected system. \nCVSS Base score: 8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/206021](<https://exchange.xforce.ibmcloud.com/vulnerabilities/206021>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-2047](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230668>) \n** DESCRIPTION: **Eclipse Jetty could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw in the HttpURI class. By sending a specially-crafted request, an attacker could exploit this vulnerability to the HttpClient and ProxyServlet/AsyncProxyServlet/AsyncMiddleManServlet wrongly interpreting an authority with no host as one with a host. \nCVSS Base score: 2.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/230668](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230668>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2022-2048](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230670>) \n** DESCRIPTION: **Eclipse Jetty is vulnerable to a denial of service, caused by a flaw in the error handling of an invalid HTTP/2 request. By sending specially-crafted HTTP/2 requests, a remote attacker could exploit this vulnerability to cause the server to become unresponsive, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/230670](<https://exchange.xforce.ibmcloud.com/vulnerabilities/230670>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-25857](<https://exchange.xforce.ibmcloud.com/vulnerabilities/234864>) \n** DESCRIPTION: **Java package org.yaml:snakeyaml is vulnerable to a denial of service, caused by a missing nested depth limitation for collections. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/234864](<https://exchange.xforce.ibmcloud.com/vulnerabilities/234864>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-38749](<https://exchange.xforce.ibmcloud.com/vulnerabilities/235313>) \n** DESCRIPTION: **SnakeYAML is vulnerable to a denial of service, caused by a stack-overflow in parsing YAML files. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/235313](<https://exchange.xforce.ibmcloud.com/vulnerabilities/235313>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-38750](<https://exchange.xforce.ibmcloud.com/vulnerabilities/235312>) \n** DESCRIPTION: **SnakeYAML is vulnerable to a denial of service, caused by a stack-overflow in parsing YAML files. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/235312](<https://exchange.xforce.ibmcloud.com/vulnerabilities/235312>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-38751](<https://exchange.xforce.ibmcloud.com/vulnerabilities/235311>) \n** DESCRIPTION: **SnakeYAML is vulnerable to a denial of service, caused by a stack-overflow in parsing YAML files. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/235311](<https://exchange.xforce.ibmcloud.com/vulnerabilities/235311>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-37533](<https://exchange.xforce.ibmcloud.com/vulnerabilities/241253>) \n** DESCRIPTION: **Apache Commons Net could allow a remote attacker to obtain sensitive information, caused by the FTP client trusting the host from the PASV response by default. By persuading a victim to connect to a specially-crafted server, an attacker could exploit this vulnerability to obtain information about services running on the private network, and use this information to launch further attacks against the affected system. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/241253](<https://exchange.xforce.ibmcloud.com/vulnerabilities/241253>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2023-0361](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247680>) \n** DESCRIPTION: **GnuTLS could allow a remote attacker to obtain sensitive information, caused by a timing side-channel flaw in the handling of RSA ClientKeyExchange messages. 
By recovering the secret from the ClientKeyExchange message, an attacker could exploit this vulnerability to decrypt the application data exchanged over that connection, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/247680](<https://exchange.xforce.ibmcloud.com/vulnerabilities/247680>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2022-40152](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236355>) \n** DESCRIPTION: **XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow. By sending specially-crafted XML data, a remote authenticated attacker could exploit this vulnerability to cause the parser to crash, resulting in a denial of service condition. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236355](<https://exchange.xforce.ibmcloud.com/vulnerabilities/236355>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-48303](<https://exchange.xforce.ibmcloud.com/vulnerabilities/245770>) \n** DESCRIPTION: **GNU Tar is vulnerable to a heap-based buffer overflow, caused by an out-of-bounds read in the from_header() function in list.c when processing V7 archive files. By persuading a victim to open a specially-crafted V7 file using whitespace characters in the mtime parameter, a remote attacker could overflow a buffer and execute arbitrary code in the context of the current process. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/245770](<https://exchange.xforce.ibmcloud.com/vulnerabilities/245770>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-8565](<https://exchange.xforce.ibmcloud.com/vulnerabilities/189925>) \n** DESCRIPTION: **Kubernetes could allow a local authenticated attacker to obtain sensitive information, caused by a flaw when kube-apiserver is using logLevel >= 9. By gaining access to the log files, an attacker could exploit this vulnerability to obtain the Kubernetes authorization tokens information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 4.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/189925](<https://exchange.xforce.ibmcloud.com/vulnerabilities/189925>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2022-41915](<https://exchange.xforce.ibmcloud.com/vulnerabilities/242595>) \n** DESCRIPTION: **Netty is vulnerable to HTTP response splitting attacks, caused by a flaw when calling DefaultHttpHeaders.set with an iterator of values. A remote attacker could exploit this vulnerability to inject arbitrary HTTP/1.1 response header in some form and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/242595](<https://exchange.xforce.ibmcloud.com/vulnerabilities/242595>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2021-28965](<https://exchange.xforce.ibmcloud.com/vulnerabilities/200534>) \n** DESCRIPTION: **REXML gem for Ruby could allow a remote attacker to bypass security restrictions, caused by an XML round-trip issues when parsing and serializing XML document. 
By using a specially-crafted XML document, an attacker could exploit this vulnerability to create an incorrect XML document. \nCVSS Base score: 5.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/200534](<https://exchange.xforce.ibmcloud.com/vulnerabilities/200534>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2022-25901](<https://exchange.xforce.ibmcloud.com/vulnerabilities/245045>) \n** DESCRIPTION: **Node.js cookiejar module is vulnerable to a denial of service, caused by an insecure regular expression in the Cookie.parse function. A remote attacker could exploit this vulnerability to cause a regular expression denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/245045](<https://exchange.xforce.ibmcloud.com/vulnerabilities/245045>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-11250](<https://exchange.xforce.ibmcloud.com/vulnerabilities/166710>) \n** DESCRIPTION: **Kubernetes could allow a remote attacker to obtain sensitive information, caused by storing credentials in the log by the client-go library. By sending a specially-crafted command, a remote attacker could exploit this vulnerability to obtain sensitive information and use this information to launch further attacks against the affected system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/166710](<https://exchange.xforce.ibmcloud.com/vulnerabilities/166710>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nNetcool Operations Insight| 1.4.x \nNetcool Operations Insight| 1.5.x \nNetcool Operations Insight| 1.6.x \n \n## Remediation/Fixes\n\nIBM strongly suggests the following remediation / fixes:\n\nNetcool Operations Insight v1.6.10 can be deployed on-premises, on a supported cloud platform, or on a hybrid cloud and on-premises architecture. \n\nPlease go to <https://www.ibm.com/docs/en/noi/1.6.10?topic=installing> to follow the installation instructions relevant to your chosen architecture.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 4.7}, "published": "2023-09-27T21:11:57", "type": "ibm", "title": "Security Bulletin: Netcool Operations Insights 1.6.10 addresses multiple security vulnerabilities.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11771", "CVE-2019-11250", "CVE-2020-13956", "CVE-2020-8565", "CVE-2021-22145", "CVE-2021-25740", "CVE-2021-28965", "CVE-2021-29425", "CVE-2021-35515", "CVE-2021-35516", 
"CVE-2021-35517", "CVE-2021-36090", "CVE-2021-37533", "CVE-2021-43809", "CVE-2022-2047", "CVE-2022-2048", "CVE-2022-25647", "CVE-2022-25857", "CVE-2022-25901", "CVE-2022-3172", "CVE-2022-36083", "CVE-2022-38749", "CVE-2022-38750", "CVE-2022-38751", "CVE-2022-40152", "CVE-2022-40897", "CVE-2022-41881", "CVE-2022-41915", "CVE-2022-4304", "CVE-2022-4450", "CVE-2022-45688", "CVE-2022-48303", "CVE-2023-0215", "CVE-2023-0286", "CVE-2023-0361", "CVE-2023-1436", "CVE-2023-2251", "CVE-2023-23916", "CVE-2023-26115", "CVE-2023-33955"], "modified": "2023-09-27T21:11:57", "id": "E05CC151FBA87195514CB65A3CB00BD8B2697F1C08602EC6A35EBF3E97CE31AB", "href": "https://www.ibm.com/support/pages/node/7039284", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "debiancve": [{"lastseen": "2023-12-06T18:23:41", "description": "A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 3.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2021-09-20T17:15:00", "type": "debiancve", "title": "CVE-2021-25740", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": 
false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-25740"], "modified": "2021-09-20T17:15:00", "id": "DEBIANCVE:CVE-2021-25740", "href": "https://security-tracker.debian.org/tracker/CVE-2021-25740", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N"}}], "redhatcve": [{"lastseen": "2023-12-06T17:45:09", "description": "A flaw was found in Kubernetes. This issue enables users to send network traffic to locations they would otherwise not have access to via a confused deputy attack.\n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 3.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2021-07-15T00:51:56", "type": "redhatcve", "title": "CVE-2021-25740", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-25740"], "modified": "2023-04-06T07:20:57", "id": "RH:CVE-2021-25740", "href": "https://access.redhat.com/security/cve/cve-2021-25740", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N"}}]}