Lucene search

K
ibmIBMDAEE122831F93F129ABD9852DBD61F8EB6A59D9EFC70E4A4572FE19643C98AE5
HistoryJun 06, 2023 - 9:17 p.m.

Security Bulletin: tensorflow-2.7.3-cp37 vulnerable to CVE-2022-41911 CVE-2022-41907 CVE-2022-41908 CVE-2022-41896 CVE-2022-41891 CVE-2022-41894 CVE-2022-41884 IBM Maximo Application Suite - Monitor Component

2023-06-0621:17:00
www.ibm.com
19

0.001 Low

EPSS

Percentile

47.6%

Summary

IBM Maximo Application Suite - Monitor Component uses tensorflow-2.7.3-cp37 vulnerable to CVE-2022-41911, CVE-2022-41907, CVE-2022-41908, CVE-2022-41896, CVE-2022-41891, CVE-2022-41894, CVE-2022-41884, CVE-2022-41898, CVE-2022-41888, CVE-2022-41897, CVE-2022-41880, CVE-2022-41889, CVE-2022-41895, CVE-2022-41899, CVE-2022-41909, CVE-2022-41886, CVE-2022-41900, CVE-2022-41893, CVE-2022-41901, CVE-2022-41885, CVE-2022-41890, CVE-2022-41887

Vulnerability Details

CVEID:CVE-2022-41911
**DESCRIPTION:**TensorFlowx is vulnerable to a denial of service, caused by invalid char to bool conversion when printing a tensor. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240401 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-41907
**DESCRIPTION:**TensorFlowx is vulnerable to a denial of service, caused by a buffer overflow in the tf.raw_ops.ResizeNearestNeighborGrad function. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240396 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-41908
**DESCRIPTION:**TensorFlowx is vulnerable to a denial of service, caused by a β€˜CHECK’ fail in tf.raw_ops.PyFunc. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240398 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-41896
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by improper input validation by the tf.raw_ops.Mfcc function. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240392 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-41891
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a segment fault in the tf.raw_ops.TensorListConcat function due to improper input validation. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240388 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-41894
**DESCRIPTION:**TensorFlow is vulnerable to a buffer overflow, caused by improper bounds checking by the CONV_3D_TRANSPOSE function on TFLite. By sending a specially-crafted request, a remote attacker could overflow a buffer and execute arbitrary code or cause a denial of service condition on the system.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240390 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H)

CVEID:CVE-2022-41884
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a segment fault in the ndarray_tensor_bridge function due to improper input validation. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240381 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-41898
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a CHECK fail via inputs in the SparseFillEmptyRowsGrad function. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240394 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-41888
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a FPE in the tf.image.generate_bounding_box_proposals function. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240385 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-41897
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a heap out-of-bounds read flaw in the FractionalMaxPoolGrad function. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240393 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-41880
**DESCRIPTION:**TensorFlow could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an out-of-bounds read flaw when receiving a value in true_classes larger than range_max in the BaseCandidateSamplerOp function. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240379 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H)

CVEID:CVE-2022-41889
**DESCRIPTION:**TensorFlowis vulnerable to a denial of service, caused by a segfault in the pywrap_tfe_src.cc function. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240386 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-41895
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a heap out-of-bounds read flaw in the MirrorPadGrad function. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240391 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-41899
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a CHECK fail via inputs in the SdcaOptimizer function. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240395 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-41909
**DESCRIPTION:**TensorFlowx is vulnerable to a denial of service, caused by segmentation fault in tf.raw_ops.CompositeTensorVariantToComponents function. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240399 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-41886
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a buffer overflow in the ImageProjectiveTransformV2 function. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240383 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-41900
**DESCRIPTION:**TensorFlow could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a heap out-of-bounds write flaw in the FractionalMaxPool and FractionalAvgPool functions. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240397 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H)

CVEID:CVE-2022-41893
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a CHECK_EQ fail in the tf.raw_ops.TensorListResize function. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240389 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-41901
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a CHECK_EQ fail via inputs in the SparseMatrixNNZ function. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240400 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-41885
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a buffer overflow in the FusedResizeAndPadConv2D function. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240382 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-41890
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a CHECK` fail in BCast overflow. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240387 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-41887
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a buffer overflow in the tf.keras.losses.poisson function. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240384 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s)|**Version(s)
**
β€”|β€”
IBM Maximo Application Suite| 8.9
IBM Maximo Application Suite| 8.10

Remediation/Fixes

Affected Product(s) fix pack Version(s)
IBM Maximo Application Suite 8.9.6 or latest (available from the Catalog under Update Available)
IBM Maximo Application Suite 8.10.3 or latest (available from the Catalog under Update Available)

Workarounds and Mitigations

Workarounds/Mitigation guidance:

None

0.001 Low

EPSS

Percentile

47.6%

Related for DAEE122831F93F129ABD9852DBD61F8EB6A59D9EFC70E4A4572FE19643C98AE5