IBMC8DC52E18DE2B301779A288FE565E0FA6DBFDE285612046F4E87FB57A672950DSecurity Bulletin: Multiple vulnerabilities within WebSphere Application and IBM HTTP Server and Java, affect IBM Tivoli Monitoring.
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
91.8%
Summary
Multiple vulnerabilities within WebSphere Application and IBM HTTP Server and Java which is included as part of IBM Tivoli Monitoring (ITM) portal server. have been remediated.
Vulnerability Details
CVEID:CVE-2024-38472
**DESCRIPTION:**Apache HTTP Server is vulnerable to server-side request forgery, caused by improper validation of WIndows UNC. By sending a specially crafted request, an attacker could exploit this vulnerability to leak NTML hashes to a malicious server.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/296127 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID:CVE-2024-38473
**DESCRIPTION:**Apache HTTP Server could allow a remote attacker to bypass security restrictions, caused by an encoding flaw in mod_proxy. By sending specially crafted requests with incorrect encoding an attacker could exploit this vulnerability to bypass authentication validation.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/296126 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVEID:CVE-2024-38474
**DESCRIPTION:**Apache HTTP Server could allow a remote attacker to execute arbitrary code on the system, caused by a substitution encoding issue in mod_rewrite. By sending a specially crafted request, an attacker could exploit this vulnerability to execute scripts in directories permitted by the configuration.
CVSS Base score: 8.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/296125 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N)
CVEID:CVE-2024-38475
**DESCRIPTION:**Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use a backreferences or variables as the first segment of the substitution are affected. Some unsafe RewiteRules will be broken by this change and the rewrite flag “UnsafePrefixStat” can be used to opt back in once ensuring the substitution is appropriately constrained.
CVSS Base score: 8.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/296124 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N)
CVEID:CVE-2024-38476
**DESCRIPTION:**Apache HTTP Server allow a remote attacker to obtain sensitive information, caused by improper input validation by the backend applications response headers. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, perform server-side request forgery attack or local script execution.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/296123 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID:CVE-2024-38477
**DESCRIPTION:**Apache HTTP Server is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in mod_proxy. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/296122 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID:CVE-2024-39573
**DESCRIPTION:**Apache HTTP Server is vulnerable to server-side request forgery, caused by a flaw in the mod_rewrite. By sending a specially crafted request, an attacker could exploit this vulnerability to cause unsafe RewriteRules to unexpectedly setup URL’s to be handled by mod_proxy.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/296120 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVEID:CVE-2024-37532
**DESCRIPTION:**IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to identity spoofing by an authenticated user due to improper signature validation. IBM X-Force ID: 294721.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/294721 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVEID:CVE-2024-35153
**DESCRIPTION:**IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 292640.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/292640 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)
CVEID:CVE-2024-35154
**DESCRIPTION:**IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the administrative console, to execute arbitrary code. Using specially crafted input, the attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 292641.
CVSS Base score: 7.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/292641 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
CVEID:CVE-2024-40898
**DESCRIPTION:**Apache HTTP Server is vulnerable to server-side request forgery, caused by an error on Windows with mod_rewrite in server/vhost context. By sending a specially crafted request, an attacker could exploit this vulnerability to leak NTLM hashes to a malicious server.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/298127 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID:CVE-2024-40725
**DESCRIPTION:**Apache HTTP Server allow a remote attacker to obtain sensitive information, caused by an incomplete fix for CVE-2024-39884 related to ignoring some use of the legacy content-type based configuration of handlers. By using AddType, an attacker could exploit this vulnerability, resulting in source code disclosure of local content.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/298128 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Tivoli Monitoring | 6.3.0 Fix Pack 7 Service Pack 5 |
Remediation/Fixes
IBM strongly recommends addressing the vulnerability now by upgrading
| Fix Name | VRMF | Remediation/Fix Download |
|---|---|---|
| 6.X.X-TIV-ITM_TEPS_WAS-IHS_ALL_8.55.26.01 | 6.3.0.7 Plus Service Pack 5 or later | https://www.ibm.com/support/pages/node/7166236 |
Workarounds and Mitigations
None
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | tivoli_monitoring | 6.3.0.7 | cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:* |
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
91.8%