Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM1BD589A2EFA871129365AA28211FAACF45DF2612E504EA283F22F4A22491789B
HistoryAug 20, 2022 - 6:32 p.m.

Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak

2022-08-2018:32:48
www.ibm.com
40

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

0.008 Low

EPSS

Percentile

82.1%

JSON

Summary

Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak

Vulnerability Details

CVEID:CVE-2021-3121
**DESCRIPTION:**An unspecified error with the lack of certain index validation, aka the skippy peanut butter issue in GoGo Protobuf has an unknown impact and attack vector.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/194539 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:CVE-2019-11250
**DESCRIPTION:**Kubernetes could allow a remote attacker to obtain sensitive information, caused by storing credentials in the log by the client-go library. By sending a specially-crafted command, a remote attacker could exploit this vulnerability to obtain sensitive information and use this information to launch further attacks against the affected system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/166710 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:CVE-2022-21698
**DESCRIPTION:**Prometheus Go client library (client_golang ) is vulnerable to a denial of service, caused by a flaw when handling requests with non-standard HTTP methods. By sending specially-crafted HTTP requests, a remote attacker could exploit this vulnerability to cause a memory exhaustion.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219707 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-1154
**DESCRIPTION:**Vim is vulnerable to a heap-based buffer overflow, caused by a use-after-free in mbyte.c in utf_ptr2char. By sending a specially-crafted request, a local authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/223115 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)

CVEID:CVE-2018-25032
**DESCRIPTION:**Zlib is vulnerable to a denial of service, caused by a memory corruption in the deflate operation. By using many distant matches, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/222615 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s)|**Version(s)
**
—|—
IBM Robotic Process Automation for Cloud Pak| 21.0.2

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now.

Product(s) **Version(s) number and/or range ** Remediation/Fix/Instructions
IBM Robotic Process Automation for Cloud Pak < 21.0.2.5 Follow instructions to update to version 21.0.2.5 (21.0.2 IF005) or higher.

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmrobotic_process_automationMatch21.0.1
OR
ibmrobotic_process_automationMatch21.0.2

Related

redhat 17
gitlab 3
cve 2
github 4
nvd 3
prion 2
osv 18
veracode 2
nessus 52
ibm 16
symantec 1
cvelist 3
redhatcve 3
debiancve 2
ubuntucve 3
cgr 2
wolfi 1
cbl_mariner 11
rocky 1
alpinelinux 2
openvas 25
cloudfoundry 1
almalinux 3
broadcom 1
redos 1
amazon 1
mariadbunix 1
oraclelinux 4
mageia 1
slackware 1
fedora 2
debian 1
f5 1
suse 1
ubuntu 2
cloudlinux 1
freebsd_advisory 1
freebsd 1
archlinux 1
owncloud 1
redhat
redhat
(RHSA-2022:5026) Moderate: OpenShift Virtualization 4.10.2 Images security and bug fix update
2022-06-14 13:20:22
(RHSA-2019:4052) Moderate: OpenShift Container Platform 3.11 atomic-openshift security update
2019-12-16 13:47:29
(RHSA-2021:1227) Moderate: OpenShift Container Platform 4.7.8 security and extras update
2021-04-26 15:42:31
gitlab
gitlab
Insertion of Sensitive Information into Log File
2022-05-24 00:00:00
Credentials Management
2019-08-29 00:00:00
Insertion of Sensitive Information into Log File
2022-05-24 00:00:00
cve
cve
CVE-2019-11250
2019-08-29 01:15:11
CVE-2021-3121
2021-01-11 06:15:13
github
github
Kubernetes client-go library logs may disclose credentials to unauthorized users
2022-05-24 16:55:06
Improper Input Validation in GoGo Protobuf
2022-03-28 20:28:00
Nokogiri affected by zlib's Out-of-bounds Write vulnerability
2022-03-26 00:00:33
nvd
nvd
CVE-2019-11250
2019-08-29 01:15:11
CVE-2021-3121
2021-01-11 06:15:13
CVE-2018-25032
2022-03-25 09:15:08
prion
prion
Design/Logic Flaw
2019-08-29 01:15:00
Design/Logic Flaw
2021-01-11 06:15:00
osv
osv
CVE-2019-11250
2019-08-29 01:15:11
Kubernetes client-go library logs may disclose credentials to unauthorized users
2022-05-24 16:55:06
Unauthorized credential disclosure in k8s.io/kubernetes and k8s.io/client-go
2021-04-14 20:04:52
veracode
veracode
Information Disclosure
2019-08-14 02:24:54
Insecure Validation
2021-01-12 06:14:56
nessus
nessus
RHEL 7 : OpenShift Container Platform 3.11 atomic-openshift (RHSA-2019:4052)
2019-12-18 00:00:00
Photon OS 1.0: Kubernetes PHSA-2020-1.0-0288
2020-04-15 00:00:00
RHEL 7 : gogo_protobuf (Unpatched Vulnerability)
2024-05-11 00:00:00
ibm
ibm
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to sensitive information exposure in Kubernetes [CVE-2019-11250]
2024-06-20 18:19:06
Security Bulletin: A Security Vulnerability affects IBM Cloud Private Kubernetes (CVE-2019-11250)
2019-11-23 15:24:42
Security Bulletin: IBM Cloud Pak for Data Scheduling contains a vulnerable kubectl package ( CVE-2019-11250 )
2023-12-06 16:00:08
symantec
symantec
Kubernetes CVE-2019-11250 Information Disclosure Vulnerability
2019-08-13 00:00:00
cvelist
cvelist
CVE-2019-11250 Kubernetes client-go logs authorization headers at debug verbosity levels
2019-08-12 00:00:00
CVE-2021-3121
2021-01-11 05:57:18
CVE-2018-25032
2022-03-25 00:00:00
redhatcve
redhatcve
CVE-2019-11250
2019-08-13 02:23:16
CVE-2021-3121
2021-08-23 09:31:00
CVE-2018-25032
2022-03-28 04:47:54
debiancve
debiancve
CVE-2019-11250
2019-08-29 01:15:11
CVE-2021-3121
2021-01-11 06:15:13
ubuntucve
ubuntucve
CVE-2019-11250
2019-08-29 00:00:00
CVE-2021-3121
2021-01-11 00:00:00
CVE-2018-25032
2022-03-25 00:00:00
cgr
cgr
CVE-2021-3121 vulnerabilities
2024-05-19 03:07:16
CVE-2018-25032 vulnerabilities
2024-05-19 03:07:16
wolfi
wolfi
CVE-2021-3121 vulnerabilities
2024-06-29 09:08:33
cbl_mariner
cbl_mariner
CVE-2022-1154 affecting package vim for versions less than 8.2.4743-1
2022-04-26 20:17:05
CVE-2018-25032 affecting package tcl 8.6.8-3
2023-05-03 19:35:26
CVE-2018-25032 affecting package boost 1.66.0-3
2023-05-03 19:35:26
rocky
rocky
vim security update
2022-04-26 13:49:40
alpinelinux
alpinelinux
CVE-2021-3121
2021-01-11 06:15:13
CVE-2018-25032
2022-03-25 09:15:08
openvas
openvas
Huawei EulerOS: Security Advisory for rsync (EulerOS-SA-2023-2048)
2023-06-07 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:1023-1)
2022-03-30 00:00:00
Huawei EulerOS: Security Advisory for zlib (EulerOS-SA-2022-1986)
2022-07-08 00:00:00
cloudfoundry
cloudfoundry
USN-5355-1: zlib vulnerability | Cloud Foundry
2022-05-23 00:00:00
almalinux
almalinux
Important: mingw-zlib security update
2022-11-15 00:00:00
Important: mingw-zlib security update
2022-11-08 00:00:00
Important: rsync security update
2022-05-11 13:23:26
broadcom
broadcom
Zlib memory corruption when deflating (i.e. when compressing)
2023-08-01 00:00:00
redos
redos
ROS-20220329-01
2022-03-29 00:00:00
amazon
amazon
Important: rsync
2022-12-01 17:33:00
mariadbunix
mariadbunix
CVE-2018-25032
2022-03-25 09:15:08
oraclelinux
oraclelinux
mingw-zlib security update
2022-11-22 00:00:00
rsync security update
2022-05-19 00:00:00
zlib security update
2022-06-30 00:00:00
mageia
mageia
Updated zlib packages fix security vulnerability
2022-03-31 22:55:37
slackware
slackware
[slackware-security] zlib
2022-03-28 19:37:07
fedora
fedora
[SECURITY] Fedora 35 Update: rsync-3.2.3-9.fc35
2022-04-18 17:14:58
[SECURITY] Fedora 36 Update: rsync-3.2.3-15.fc36
2022-05-07 05:00:30
debian
debian
[SECURITY] [DLA 2968-1] zlib security update
2022-04-02 21:16:08
f5
f5
K21548854 : zlib vulnerability CVE-2018-25032
2022-05-19 00:00:00
suse
suse
Security update for zlib (important)
2022-03-30 00:00:00
ubuntu
ubuntu
rsync vulnerability
2022-03-31 00:00:00
zlib vulnerability
2022-03-30 00:00:00
cloudlinux
cloudlinux
Fixed CVE-2018-25032 in zlib
2022-05-16 13:03:51
freebsd_advisory
freebsd_advisory
FreeBSD-SA-22:08.zlib
2022-04-06 00:00:00
freebsd
freebsd
FreeBSD -- zlib compression out-of-bounds write
2022-04-06 00:00:00
archlinux
archlinux
[ASA-202204-3] zlib: arbitrary code execution
2022-04-04 00:00:00
owncloud
owncloud
Security updates in Desktop Client - ownCloud
2022-05-23 00:00:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

0.008 Low

EPSS

Percentile

82.1%

JSON
Related for 1BD589A2EFA871129365AA28211FAACF45DF2612E504EA283F22F4A22491789B
redhat17gitlab3cve2github4nvd3prion2osv18veracode2nessus52ibm16symantec1cvelist3redhatcve3debiancve2ubuntucve3cgr2wolfi1cbl_mariner11rocky1alpinelinux2openvas25cloudfoundry1almalinux3broadcom1redos1amazon1mariadbunix1oraclelinux4mageia1slackware1fedora2debian1f51suse1ubuntu2cloudlinux1freebsd_advisory1freebsd1archlinux1owncloud1