logo
DATABASE RESOURCES PRICING ABOUT US

Security Bulletin: Cloud Pak for Security contains packages that have multiple vulnerabilities

Description

## Summary Cloud Pak for Security v1.9.0.0 and earlier may be vulnerable to multiple CVEs through the use of dependency packages. These have been updated in the latest release and vulnerabilities have neen addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security (CP4S). ## Vulnerability Details ** CVEID: **[CVE-2021-25329](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25329>) ** DESCRIPTION: **Apache Tomcat could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw with a configuration edge case. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. CVSS Base score: 8.8 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/197519](<https://exchange.xforce.ibmcloud.com/vulnerabilities/197519>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) ** CVEID: **[CVE-2019-12418](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12418>) ** DESCRIPTION: **Apache Tomcat could allow a local attacker to gain elevated privileges on the system, caused by a flaw when configured with the JMX Remote Lifecycle Listener. By using man-in-the-middle attack techniques, an attacker could exploit this vulnerability to capture user names and passwords used to access the JMX interface and gain elevated privileges. CVSS Base score: 8.4 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/173626](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173626>) for the current score. CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) ** CVEID: **[CVE-2017-12617](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12617>) ** DESCRIPTION: **Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete fix related to an error when running on Windows with HTTP PUTs enabled. By sending a specially-crafted request, an attacker could exploit this vulnerability to upload a JSP file and execute arbitrary code on the system. CVSS Base score: 8.1 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/132484](<https://exchange.xforce.ibmcloud.com/vulnerabilities/132484>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) ** CVEID: **[CVE-2020-14343](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14343>) ** DESCRIPTION: **YAML PyYAML could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when processing untrusted YAML files through the full_load method or with the FullLoader loader. By persuading a victim to open a specially-crafted YAML file, an attacker could exploit this vulnerability to execute arbitrary code on the system. CVSS Base score: 7.8 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/197449](<https://exchange.xforce.ibmcloud.com/vulnerabilities/197449>) for the current score. CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) ** CVEID: **[CVE-2021-3272](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3272>) ** DESCRIPTION: **JasPer is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the jp2_decode in jp2/jp2_dec.c. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system. CVSS Base score: 7.8 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195754](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195754>) for the current score. CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) ** CVEID: **[CVE-2020-7733](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7733>) ** DESCRIPTION: **ua-parser-js is vulnerable to a denial of service. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a regular expression denial of service. CVSS Base score: 7.5 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188397](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188397>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) ** CVEID: **[CVE-2020-28493](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28493>) ** DESCRIPTION: **Pallets jinja2 is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the email regex. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to cause a denial of service condition. CVSS Base score: 7.5 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195894](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195894>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) ** CVEID: **[CVE-2020-28500](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28500>) ** DESCRIPTION: **Node.js lodash module is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) in the toNumber, trim and trimEnd functions. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. CVSS Base score: 7.5 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/196972](<https://exchange.xforce.ibmcloud.com/vulnerabilities/196972>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) ** CVEID: **[CVE-2020-36048](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36048>) ** DESCRIPTION: **Socket.IO Engine.IO is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted HTTP POST request to the long polling transport, a remote attacker could exploit this vulnerability to cause a resource consumption, and results in a denial of service condition. CVSS Base score: 7.5 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194532](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194532>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) ** CVEID: **[CVE-2020-7793](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7793>) ** DESCRIPTION: **ua-parser-js is vulnerable to a denial of service, caused by regular expression denial of service (ReDoS) in multiple regexes. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service. CVSS Base score: 7.5 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192997](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192997>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) ** CVEID: **[CVE-2020-8203](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8203>) ** DESCRIPTION: **Node.js lodash module is vulnerable to a denial of service, caused by a prototype pollution attack. A remote attacker could exploit this vulnerability using the merge, mergeWith, and defaultsDeep functions to inject properties onto Object.prototype to crash the server and possibly execute arbitrary code on the system. CVSS Base score: 7.5 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/183560](<https://exchange.xforce.ibmcloud.com/vulnerabilities/183560>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) ** CVEID: **[CVE-2021-23341](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23341>) ** DESCRIPTION: **prism is vulnerable to a denial of service. By using the prism-asciidoc, prism-rest, prism-tap and prism-eiffel components, a remote attacker could exploit this vulnerability to cause a regular expression denial of service (ReDoS). CVSS Base score: 7.5 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/197047](<https://exchange.xforce.ibmcloud.com/vulnerabilities/197047>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) ** CVEID: **[CVE-2021-29060](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29060>) ** DESCRIPTION: **Color-String is vulnerable to a denial of service, caused by an error when the application is provided and checks a crafted invalid HWB string. By sending a specially crafted string, a remote attacker could exploit this vulnerability to cause a regular expression denial of service. CVSS Base score: 7.5 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/204156](<https://exchange.xforce.ibmcloud.com/vulnerabilities/204156>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) ** CVEID: **[CVE-2021-32723](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32723>) ** DESCRIPTION: **Node.js prismjs module is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw when highlighting untrusted (user-given) text. By sending specially-crafted regex input, a remote attacker could exploit this vulnerability to cause a denial of service condition. CVSS Base score: 7.5 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/204479](<https://exchange.xforce.ibmcloud.com/vulnerabilities/204479>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) ** CVEID: **[CVE-2021-33623](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33623>) ** DESCRIPTION: **Node.js trim-newlines module is vulnerable to a denial of service, caused by a regular expression denial-of-service (ReDoS) flaw in the .end() method. By sending a specially-crafted regex input, a remote attacker could exploit this vulnerability to cause the application to crash. CVSS Base score: 7.5 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202758](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202758>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) ** CVEID: **[CVE-2021-3749](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3749>) ** DESCRIPTION: **axios is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the trim function. By sending a specially-crafted regex input, a remote attacker could exploit this vulnerability to cause an application to consume an excessive amount of CPU. CVSS Base score: 7.5 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208438](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208438>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) ** CVEID: **[CVE-2021-3801](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3801>) ** DESCRIPTION: **Prismjs prism is vulnerable to a denial of service, caused by the inefficient regular expression complexity. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service. CVSS Base score: 7.5 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/209459](<https://exchange.xforce.ibmcloud.com/vulnerabilities/209459>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) ** CVEID: **[CVE-2021-3803](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3803>) ** DESCRIPTION: **nth-check is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw. By sending a specially-crafted regex input, a remote attacker could exploit this vulnerability to cause a denial of service condition. CVSS Base score: 7.5 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/209593](<https://exchange.xforce.ibmcloud.com/vulnerabilities/209593>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) ** CVEID: **[CVE-2021-42340](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42340>) ** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by a memory leak flaw in WebSocket connections. By sending a specially-crafted request using OutOfMemoryError, a remote attacker could exploit this vulnerability to cause a denial of service condition. CVSS Base score: 7.5 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211354](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211354>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) ** CVEID: **[CVE-2018-1305](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1305>) ** DESCRIPTION: **Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the failure to properly enforce security constraints that are defined by annotations of Servlets in certain cases. An attacker could exploit this vulnerability to bypass security constraints to access restricted resources. CVSS Base score: 7.5 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/139475](<https://exchange.xforce.ibmcloud.com/vulnerabilities/139475>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) ** CVEID: **[CVE-2018-1304](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1304>) ** DESCRIPTION: **Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the failure to properly enforce security constraint definitions that contain a URL pattern of "" (the empty string) that exactly maps to the context root. An attacker could exploit this vulnerability to bypass security constraints to access restricted resources. CVSS Base score: 7.5 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/139476](<https://exchange.xforce.ibmcloud.com/vulnerabilities/139476>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) ** CVEID: **[CVE-2021-30640](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30640>) ** DESCRIPTION: **Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by improper authentication validation in the JNDI Realm. By sending a specially-crafted request using various user names, an attacker could exploit this vulnerability to bypass some of the protection provided by the LockOut Realm. CVSS Base score: 7.5 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/205213](<https://exchange.xforce.ibmcloud.com/vulnerabilities/205213>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) ** CVEID: **[CVE-2021-41079](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41079>) ** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by improper input validation of TLS packets. By sending a specially-crafted TLS packet, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. CVSS Base score: 7.5 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/209450](<https://exchange.xforce.ibmcloud.com/vulnerabilities/209450>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) ** CVEID: **[CVE-2021-37699](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37699>) ** DESCRIPTION: **Node.js next module could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using a specially-crafted URL to redirect a victim to arbitrary Web sites. CVSS Base score: 7.4 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/207375](<https://exchange.xforce.ibmcloud.com/vulnerabilities/207375>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N) ** CVEID: **[CVE-2018-11784](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11784>) ** DESCRIPTION: **Apache Tomcat could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in the default servlet. An attacker could exploit this vulnerability using a specially-crafted URL to redirect a victim to arbitrary Web sites. CVSS Base score: 7.4 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/150860](<https://exchange.xforce.ibmcloud.com/vulnerabilities/150860>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N) ** CVEID: **[CVE-2020-15256](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15256>) ** DESCRIPTION: **Node.js object-path module could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in the set method to the includeInheritedProps mode. By creating a new instance of object-path and setting the option includeInheritedProps: true, an attacker could exploit this vulnerability to execute arbitrary code on the system. CVSS Base score: 7.3 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/190219](<https://exchange.xforce.ibmcloud.com/vulnerabilities/190219>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) ** CVEID: **[CVE-2021-23337](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23337>) ** DESCRIPTION: **Node.js lodash module could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a command injection flaw in the template. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. CVSS Base score: 7.2 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/196797](<https://exchange.xforce.ibmcloud.com/vulnerabilities/196797>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) ** CVEID: **[CVE-2021-39178](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39178>) ** DESCRIPTION: **Vercel Next.js is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Image Optimization API. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. CVSS Base score: 7.2 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208466](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208466>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N) ** CVEID: **[CVE-2018-16487](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16487>) ** DESCRIPTION: **Node.js lodash module is vulnerable to a denial of service, caused by a prototype pollution flaw. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to inject properties onto Object.prototype to cause a denial of service condition. CVSS Base score: 6.5 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/156530](<https://exchange.xforce.ibmcloud.com/vulnerabilities/156530>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L) ** CVEID: **[CVE-2019-10744](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10744>) ** DESCRIPTION: **Node.js lodash module is vulnerable to a denial of service, caused by a prototype pollution flaw. By sending a specially-crafted request using a constructor payload, a remote attacker could exploit this vulnerability to inject properties onto Object.prototype to cause a denial of service condition. CVSS Base score: 6.5 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/167415](<https://exchange.xforce.ibmcloud.com/vulnerabilities/167415>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L) ** CVEID: **[CVE-2019-10746](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10746>) ** DESCRIPTION: **Node.js mixin-deep module is vulnerable to a denial of service, caused by a prototype pollution flaw. By sending a specially-crafted request using a constructor payload, a remote attacker could exploit this vulnerability to inject properties onto Object.prototype to cause a denial of service condition. CVSS Base score: 6.5 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/167420](<https://exchange.xforce.ibmcloud.com/vulnerabilities/167420>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) ** CVEID: **[CVE-2021-1765](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1765>) ** DESCRIPTION: **Apple macOS could allow a remote attacker to bypass security restrictions, caused by a logic issue in the WebKit component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to violate iframe sandboxing policy. CVSS Base score: 6.5 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195917](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195917>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) ** CVEID: **[CVE-2020-1935](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1935>) ** DESCRIPTION: **Apache Tomcat is vulnerable to HTTP request smuggling, caused by a flaw when handling unusual Transfer-Encoding HTTP header. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. CVSS Base score: 6.5 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/176788](<https://exchange.xforce.ibmcloud.com/vulnerabilities/176788>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) ** CVEID: **[CVE-2020-15138](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15138>) ** DESCRIPTION: **Prism is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Previewers plugin. A remote attacker could exploit this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. CVSS Base score: 6.1 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186416](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186416>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) ** CVEID: **[CVE-2020-25658](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25658>) ** DESCRIPTION: **Python-RSA could allow a remote attacker to obtain sensitive information, caused by a Bleichenbacher timing attack. By sending a specially-crafted request using the RSA decryption API, an attacker could exploit this vulnerability to obtain parts of the cipher text encrypted with RSA, and use this information to launch further attacks against the affected system. CVSS Base score: 5.9 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/191710](<https://exchange.xforce.ibmcloud.com/vulnerabilities/191710>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) ** CVEID: **[CVE-2020-25659](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25659>) ** DESCRIPTION: **python-cryptography could allow a remote attacker to obtain sensitive information, caused by a Bleichenbacher timing attack. By sending a specially-crafted request using the RSA decryption API, an attacker could exploit this vulnerability to obtain parts of the cipher text encrypted with RSA, and use this information to launch further attacks against the affected system. CVSS Base score: 5.9 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192485](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192485>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) ** CVEID: **[CVE-2017-8872](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8872>) ** DESCRIPTION: **libxml2 is vulnerable to a buffer overflow, caused by a a buffer-over-read flaw in the htmlParseTryOrFinish function in HTMLparser.c. By sending a specially-crafted request, a local attacker could overflow a buffer and cause a denial of service condition or obtain sensitive information on the system. CVSS Base score: 5.9 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/125890](<https://exchange.xforce.ibmcloud.com/vulnerabilities/125890>) for the current score. CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) ** CVEID: **[CVE-2019-17563](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17563>) ** DESCRIPTION: **Apache Tomcat could allow a local attacker to hijack a user's session. By using the FORM authentication function, an attacker could exploit this vulnerability to gain access to another user's session. CVSS Base score: 5.9 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/173558](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173558>) for the current score. CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) ** CVEID: **[CVE-2021-23434](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23434>) ** DESCRIPTION: **Node.js object-path module could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw when the path components used in the path parameter are arrays. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, an attacker could exploit this vulnerability to execute arbitrary code on the system. CVSS Base score: 5.6 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208319](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208319>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L) ** CVEID: **[CVE-2020-26237](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26237>) ** DESCRIPTION: **Highlight.js is vulnerable to a denial of service, caused by a prototype pollution. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service. CVSS Base score: 5.3 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192317](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192317>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) ** CVEID: **[CVE-2019-16276](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16276>) ** DESCRIPTION: **Golang could allow a remote attacker to bypass security restrictions, caused by improper validation of HTTP header. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass filter or conduct HTTP request smuggling. CVSS Base score: 5.3 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/167963](<https://exchange.xforce.ibmcloud.com/vulnerabilities/167963>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) ** CVEID: **[CVE-2018-8014](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8014>) ** DESCRIPTION: **Apache Tomcat could provide weaker than expected security, caused by insecure default settings for the CORS filter. A remote attacker could exploit this vulnerability to launch further attacks on the system. CVSS Base score: 5.3 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/143411](<https://exchange.xforce.ibmcloud.com/vulnerabilities/143411>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) ** CVEID: **[CVE-2021-25122](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25122>) ** DESCRIPTION: **Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by a flaw when responding to new h2c connection requests. By sending a specially-crafted request, an attacker could exploit this vulnerability to see the request body information from one request to another, and use this information to launch further attacks against the affected system. CVSS Base score: 5.3 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/197517](<https://exchange.xforce.ibmcloud.com/vulnerabilities/197517>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) ** CVEID: **[CVE-2018-8037](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8037>) ** DESCRIPTION: **Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the improper handling of NIO/NIO2 connectors closures. An attacker could exploit this vulnerability to reuse user sessions in a new connection. CVSS Base score: 5.3 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/147212](<https://exchange.xforce.ibmcloud.com/vulnerabilities/147212>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) ** CVEID: **[CVE-2020-11996](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11996>) ** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service. By sending a specially crafted sequence of HTTP/2 requests, a remote attacker could exploit this vulnerability to trigger high CPU usage for several seconds. CVSS Base score: 5.3 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/184012](<https://exchange.xforce.ibmcloud.com/vulnerabilities/184012>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) ** CVEID: **[CVE-2015-1572](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1572>) ** DESCRIPTION: **e2fsprogs is vulnerable to a heap-based buffer overflow, caused by an incomplete fix related to improper bounds checking by the libext2fs library. A local attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service. CVSS Base score: 4.6 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/101199](<https://exchange.xforce.ibmcloud.com/vulnerabilities/101199>) for the current score. CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P) ** CVEID: **[CVE-2021-27292](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27292>) ** DESCRIPTION: **UAParser.js is vulnerable to a denial of service. By sending a specially crafted User-Agent header, a remote attacker could exploit this vulnerability to cause the application to process the file for an extended time. CVSS Base score: 4.3 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198307](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198307>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) ** CVEID: **[CVE-2021-32822](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32822>) ** DESCRIPTION: **Node.js hbs module could allow a remote attacker to obtain sensitive information, caused by an issue when the template engine configuration options are passed through Express render API. By overwriting internal configuration options, an attacker could exploit this vulnerability to obtain file information, and use this information to launch further attacks against the affected system. CVSS Base score: 4 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/207809](<https://exchange.xforce.ibmcloud.com/vulnerabilities/207809>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N) ** CVEID: **[CVE-2021-39227](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39227>) ** DESCRIPTION: **Baidu EFE team ZRender could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in the merge and clone helper methods in the src/core/util.ts. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of servuce condition on the system. CVSS Base score: 9.8 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/209652](<https://exchange.xforce.ibmcloud.com/vulnerabilities/209652>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) ** CVEID: **[CVE-2020-1938](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1938>) ** DESCRIPTION: **Apache Tomcat could allow a remote attacker to execute arbitrary code on the system, caused by a file read/inclusion vulnerability in the AJP connector. By sending a specially-crafted request, an attacker could exploit this vulnerability to read web application files from a vulnerable server and upload malicious JavaServer Pages (JSP) code within a variety of file types and execute arbitrary code on the system. Note: This vulnerability is known as Ghostcat. CVSS Base score: 9.8 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/176562](<https://exchange.xforce.ibmcloud.com/vulnerabilities/176562>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) ** CVEID: **[CVE-2021-3805](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3805>) ** DESCRIPTION: **Node.js object-path module could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in the del() function. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of servuce condition on the system. CVSS Base score: 9.8 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/209595](<https://exchange.xforce.ibmcloud.com/vulnerabilities/209595>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) ## Affected Products and Versions Affected Product(s)| Version(s) ---|--- Cloud Pak for Security (CP4S)| 1.9.1.0 Cloud Pak for Security (CP4S)| 1.8.1.0 Cloud Pak for Security (CP4S)| 1.8.0.0 ## Remediation/Fixes Please upgrade following instructions at <https://www.ibm.com/docs/en/cloud-paks/cp-security/1.9?topic=installing-upgrading-cloud-pak-security-from-18> ## Workarounds and Mitigations None ## Get Notified about Future Security Bulletins Subscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this. ### References [Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> "Link resides outside of ibm.com" ) [On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> "Link resides outside of ibm.com" ) Off ## Related Information [IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) [IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>) ## Change History 01 Mar 2022: Initial Publication *The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin. ## Disclaimer According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. "Affected Products and Versions" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions. ## Document Location Worldwide [{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSTDPP","label":"IBM Cloud Pak for Security"},"Component":"","Platform":[{"code":"PF040","label":"RedHat OpenShift"}],"Version":"1.8.0.0, 1.8.1.0, 1.9.0.0","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]


Affected Software


CPE Name Name Version
cloud pak for security (cp4s) 1.9.1.0
cloud pak for security (cp4s) 1.8.1.0
cloud pak for security (cp4s) 1.8.0.0

Related