Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.IBM_COGNOS_6615285.NASL
HistorySep 02, 2022 - 12:00 a.m.

IBM Cognos Analytics Multiple Vulnerabilities (6616285)

2022-09-0200:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
22
JSON

The version of IBM Cognos Analytics installed on the remote host is affected by multiple vulnerabilities, including the following:

  • The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation). (CVE-2022-29078)

  • The netmask package before 2.0.1 for Node.js mishandles certain unexpected characters in an IP address string, such as an octal digit of 9. This (in some situations) allows attackers to bypass access control that is based on IP addresses. NOTE: this issue exists because of an incomplete fix for CVE-2021-28918.
    (CVE-2021-29418)

  • Improper input validation of octal strings in netmask npm package v1.0.6 and below allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many of the dependent packages. A remote unauthenticated attacker can bypass packages relying on netmask to filter IPs and reach critical VPN or LAN hosts. (CVE-2021-28918)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(164652);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/13");

  script_cve_id(
    "CVE-2020-4301",
    "CVE-2020-28469",
    "CVE-2020-36518",
    "CVE-2021-3749",
    "CVE-2021-3807",
    "CVE-2021-20468",
    "CVE-2021-23438",
    "CVE-2021-28918",
    "CVE-2021-29418",
    "CVE-2021-29823",
    "CVE-2021-39009",
    "CVE-2021-39045",
    "CVE-2021-43797",
    "CVE-2021-44531",
    "CVE-2021-44532",
    "CVE-2021-44533",
    "CVE-2022-21803",
    "CVE-2022-21824",
    "CVE-2022-29078",
    "CVE-2022-30614",
    "CVE-2022-36773"
  );
  script_xref(name:"IAVB", value:"2022-B-0031-S");

  script_name(english:"IBM Cognos Analytics Multiple Vulnerabilities (6616285)");

  script_set_attribute(attribute:"synopsis", value:
"The remote web application is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of IBM Cognos Analytics installed on the remote host is affected by multiple vulnerabilities, including the
following:

  - The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template
    injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and
    overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template
    compilation). (CVE-2022-29078)

  - The netmask package before 2.0.1 for Node.js mishandles certain unexpected characters in an IP address
    string, such as an octal digit of 9. This (in some situations) allows attackers to bypass access control
    that is based on IP addresses. NOTE: this issue exists because of an incomplete fix for CVE-2021-28918.
    (CVE-2021-29418)

  - Improper input validation of octal strings in netmask npm package v1.0.6 and below allows unauthenticated
    remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many of the dependent packages. A
    remote unauthenticated attacker can bypass packages relying on netmask to filter IPs and reach critical
    VPN or LAN hosts. (CVE-2021-28918)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://www.ibm.com/support/pages/node/6615285");
  script_set_attribute(attribute:"solution", value:
"Upgrade to IBM Cognos Analytics 11.1.7 FP5, 11.2.3, or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-29078");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/08/31");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/08/31");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/09/02");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:cognos_analytics");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ibm_cognos_analytics_web_detect.nbin");
  script_require_keys("installed_sw/IBM Cognos Analytics");

  exit(0);
}

include('vcf.inc');
include('http.inc');

var app = 'IBM Cognos Analytics';

var port = get_http_port(default:443);

var app_info = vcf::get_app_info(app:app, port:port, webapp:TRUE);

# Remote detection cannot determine fix pack
if (app_info.version =~ "^11\.1\.7($|[^0-9])" && report_paranoia < 2)
  audit(AUDIT_POTENTIAL_VULN, app_info['version'], app);

var constraints = [
  { 'min_version':'11.1', 'fixed_version':'11.1.8', 'fixed_display':'11.1.7 FP5' },
  { 'min_version':'11.2', 'fixed_version':'11.2.3' }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
VendorProductVersionCPE
ibmcognos_analyticscpe:/a:ibm:cognos_analytics

References

Related

ibm 37
photon 3
nodejsblog 1
nessus 24
altlinux 1
freebsd 2
redos 1
mageia 1
oraclelinux 2
osv 26
rocky 3
almalinux 2
fedora 2
redhat 5
suse 2
f5 1
debian 1
redhatcve 9
cve 13
hackerone 2
prion 16
github 7
veracode 11
nodejs 3
checkpoint_advisories 1
cnvd 5
debiancve 5
githubexploit 1
malwarebytes 1
nuclei 2
ubuntucve 6
alpinelinux 1
cbl_mariner 2
ibm
ibm
Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities
2022-08-31 20:25:04
Security Bulletin: Vulnerabilities in the Open Source Node.js runtime affect IBM Event Streams (CVE-2021-44533, CVE-2022-21824, CVE-2021-44531, CVE-2021-44532)
2022-07-12 15:05:41
Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple CVEs in Node.js
2022-04-08 14:56:49
photon
photon
Important Photon OS Security Update - PHSA-2022-0164
2022-03-22 00:00:00
Important Photon OS Security Update - PHSA-2022-4.0-0164
2022-03-22 00:00:00
Important Photon OS Security Update - PHSA-2022-0453
2022-03-23 00:00:00
nodejsblog
nodejsblog
January 10th 2022 Security Releases
2022-01-11 00:00:00
nessus
nessus
openSUSE 15 Security Update : nodejs14 (openSUSE-SU-2022:0112-1)
2022-01-19 00:00:00
SUSE SLES12 Security Update : nodejs14 (SUSE-SU-2022:0114-1)
2022-01-19 00:00:00
SUSE SLES15 Security Update : nodejs14 (SUSE-SU-2022:0112-1)
2022-01-19 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package node version 16.13.2-alt1
2022-03-18 00:00:00
freebsd
freebsd
Node.js -- January 2022 Security Releases
2022-01-10 00:00:00
kafka -- Denial Of Service vulnerability
2022-03-11 00:00:00
redos
redos
ROS-20220125-10
2022-01-25 00:00:00
mageia
mageia
Updated nodejs packages fix security vulnerability
2022-02-22 23:15:16
oraclelinux
oraclelinux
nodejs:14 security update
2022-11-15 00:00:00
nodejs:16 security, bug fix, and enhancement update
2022-12-16 00:00:00
osv
osv
Moderate: nodejs:14 security update
2022-11-08 00:00:00
Moderate: nodejs:14 security update
2022-11-08 10:51:23
CVE-2021-28918
2021-04-01 13:15:14
rocky
rocky
nodejs:14 security update
2022-11-08 10:51:23
nodejs:16 security, bug fix, and enhancement update
2022-12-15 15:42:25
12 bug fix and enhancement update
2022-06-21 11:47:44
almalinux
almalinux
Moderate: nodejs:14 security update
2022-11-08 00:00:00
Moderate: nodejs:16 security, bug fix, and enhancement update
2022-12-15 00:00:00
fedora
fedora
[SECURITY] Fedora 35 Update: nodejs-16.13.2-1.fc35
2022-01-20 14:55:17
[SECURITY] Fedora 34 Update: nodejs-14.18.3-1.fc34
2022-01-20 08:35:12
redhat
redhat
(RHSA-2022:7830) Moderate: nodejs:14 security update
2022-11-08 10:51:23
(RHSA-2022:7044) Moderate: rh-nodejs14-nodejs security update
2022-10-19 09:58:44
(RHSA-2022:9073) Moderate: nodejs:16 security, bug fix, and enhancement update
2022-12-15 15:42:25
suse
suse
Security update for nodejs12 (moderate)
2022-04-17 00:00:00
Security update for netty3 (moderate)
2022-06-13 00:00:00
f5
f5
K25521404 : Node.js netmask vulnerability CVE-2021-28918 and CVE-2021-29418
2021-04-05 00:00:00
debian
debian
[SECURITY] [DSA 5170-1] nodejs security update
2022-06-27 18:43:09
redhatcve
redhatcve
CVE-2021-29418
2021-03-30 17:56:56
CVE-2022-29078
2022-04-26 07:23:29
CVE-2021-28918
2021-03-30 18:27:42
cve
cve
CVE-2021-29418
2021-03-30 07:15:00
CVE-2021-39045
2022-09-01 19:15:00
CVE-2021-29823
2022-09-01 19:15:00
hackerone
hackerone
Node.js: Node.js Certificate Verification Bypass via String Injection
2021-12-17 14:57:13
Node.js: Prototype pollution via console.table properties
2021-12-20 00:35:48
prion
prion
Improper access control
2021-03-30 07:15:00
Design/Logic Flaw
2022-09-01 19:15:00
Design/Logic Flaw
2022-09-01 19:15:00
github
github
netmask npm package mishandles octal input data
2021-03-29 21:32:05
Improper parsing of octal bytes in netmask
2021-04-14 15:03:16
Prototype Pollution in nconf
2022-04-13 00:00:30
veracode
veracode
Server-Side Request Forgery (SSRF)
2021-03-31 02:12:59
Prototype Pollution
2021-09-02 08:08:03
Server-Side Template Injection
2022-04-26 07:38:54
nodejs
nodejs
Type confusion
2021-09-20 18:58:37
netmask npm package vulnerable to octal input data
2021-03-29 21:35:07
Regular expression denial of service
2021-06-07 21:57:10
checkpoint_advisories
checkpoint_advisories
Reverse Shell Commands Over HTTP Payload (CVE-2022-29078)
2022-09-14 00:00:00
cnvd
cnvd
IBM Cognos Analytics has an unspecified vulnerability (CNVD-2022-62222)
2022-09-05 00:00:00
IBM Cognos Analytics has an unspecified vulnerability (CNVD-2022-62227)
2022-09-05 00:00:00
IBM Cognos Analytics has an unspecified vulnerability (CNVD-2022-62370)
2022-09-05 00:00:00
debiancve
debiancve
CVE-2022-29078
2022-04-25 15:15:00
CVE-2020-28469
2021-06-03 16:15:00
CVE-2021-44531
2022-02-24 19:15:00
githubexploit
githubexploit
Exploit for Code Injection in Ejs
2022-07-20 10:10:01
malwarebytes
malwarebytes
The npm netmask vulnerability explained so you can actually understand it
2021-03-31 12:28:16
nuclei
nuclei
Netmask NPM Package - Server-Side Request Forgery
2021-07-06 06:50:43
Node.js Embedded JavaScript 3.1.6 - Template Injection
2022-07-19 11:08:32
ubuntucve
ubuntucve
CVE-2022-29078
2022-04-25 00:00:00
CVE-2021-44531
2022-02-24 00:00:00
CVE-2021-44533
2022-02-24 00:00:00
alpinelinux
alpinelinux
CVE-2021-44533
2022-02-24 19:15:00
cbl_mariner
cbl_mariner
CVE-2021-44531 affecting package nodejs 14.18.1-1
2022-03-19 16:40:55
CVE-2021-44531 affecting package nodejs 14.17.2-2
2022-04-09 06:52:23
JSON
Related for IBM_COGNOS_6615285.NASL
ibm37photon3nodejsblog1nessus24altlinux1freebsd2redos1mageia1oraclelinux2osv26rocky3almalinux2fedora2redhat5suse2f51debian1redhatcve9cve13hackerone2prion16github7veracode11nodejs3checkpoint_advisories1cnvd5debiancve5githubexploit1malwarebytes1nuclei2ubuntucve6alpinelinux1cbl_mariner2