Security Bulletin: Multiple vulnerabilities in libxml2 affect IBM Cognos Metrics Manager (CVE-2015-1819, CVE-2015-5312, CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-7941, CVE-2015-7942, CVE-2015-8035, CVE-2015-8241, CVE-2015-8317)

Summary

The vulnerabilities have been addressed in the libxml2 component of IBM Cognos Metrics Manager

Vulnerability Details

CVEID: CVE-2015-1819**
DESCRIPTION:** Libxml is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error in the xmlreader when processing XML data. A remote attacker could exploit this vulnerability to consume all available memory resources.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107272 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2015-5312**
DESCRIPTION:** An unspecified error in Libxml2 related to an entity expansion flaw has an unknown impact and attack vector.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/108319 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2015-7497**
DESCRIPTION:** Libxml2 is vulnerable to a denial of service, caused by a heap-based buffer overflow in the xmlDictComputeFastQKey() function. A remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/108320 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2015-7498**
DESCRIPTION:** An unspecified error in Libxml2 related to the processing of entities after encoding conversion failures have occured has an unknown impact and attack vector.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/108321 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2015-7499**
DESCRIPTION:** An unspecified error in Libxml2 related to some parser errors has an unknown impact and attack vector.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/108322 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2015-7500**
DESCRIPTION:** Libxml2 is vulnerable to a denial of service, caused by a memory access error when handling invalid entity boundaries. A remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/108323 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2015-7941**
DESCRIPTION:** Libxml2 is vulnerable to a denial of service, caused by a heap-based buffer overflow in the xmlParseEntityDecl or xmlParseConditionalSections function. By using a specially-crafted XML data, a remote attacker could exploit this vulnerability to trigger an out-of-bounds read and cause the system to crash.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/108071 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2015-7942**
DESCRIPTION:** Libxml2 is vulnerable to a denial of service, caused by a heap-based buffer overflow in the xmlParseConditionalSections function. By using a specially-crafted XML data, a remote attacker could exploit this vulnerability to trigger an out-of-bounds read and cause the system to crash.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/108073 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2015-8035**
DESCRIPTION:** libxml2 is vulnerable to a denial of service, caused by an error when xz support is enabled. By using a specially-crafted xml file, an local attacker could exploit this vulnerability to cause the software to crash.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107845 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2015-8241**
DESCRIPTION:** libxml2 is vulnerable to a buffer overflow, caused by improper bounds checking by the XML parser in xmlNextChar. By using a malformed XML file, a local attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/108169 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2015-8317**
DESCRIPTION:** libxml2 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the xmlParseXMLDecl function. By using a malformed XML file, a local attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/108316 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

• • IBM Cognos Metrics Manager 10.2.2
• IBM Cognos Metrics Manager 10.2.1
• IBM Cognos Metrics Manager 10.2
• IBM Cognos Metrics Manager 10.1.1
• IBM Cognos Metrics Manager 10.1

Remediation/Fixes

The recommended solution is to apply the fix as soon as practical. As the fix is in a shared component across the Business Intelligence portfolio, applying the BI Interim Fix will resolve the issue. Note that the prerequisites named in the links are also satisfied by an IBM Cognos Metrics Manager install of the same version.

IBM Cognos Business Intelligence 10.1.x Interim Fixes
IBM Cognos Business Intelligence 10.2.x Interim Fixes

Workarounds and Mitigations

None