Lucene search

IBMF26A74C5375F6738F3160B3D272645260FE04D2717F9F7B52673CFE0A8C201C7

HistoryMay 01, 2023 - 2:52 p.m.

Security Bulletin: IBM WebSphere Application Server Liberty for IBM i is vulnerable to a server-side request forgery, a denial of service, an attacker obtaining sensitive information, and gaining elevated privileges due to multiple vulnerabilities.

2023-05-0114:52:39

www.ibm.com

ibm i

websphere

ssrf

dos

information disclosure

privilege escalation

ptf update

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.042 Low

EPSS

Percentile

92.3%

JSON

Summary

IBM WebSphere Application Server for IBM i is vulnerable to a server-side request forgery due to a flaw in parsing the href attribute (CVE-2022-46364), and is affected by an attacker obtaining sensitive information due to improper permissions on a temporary file (CVE-2022-45787), attacker gaining elevated privileges due to an insecure temp file (CVE-2023-0482), and a denial of service due to not limiting the file upload request function (CVE-2023-24998) as described in the vulnerability details section. IBM WebSphere Application Server Liberty for IBM i has addressed the vulnerabilities with a fix as described in the remediation/fixes section.

Vulnerability Details

CVEID:CVE-2022-45787
**DESCRIPTION:**Apache James MIME4J could allow a local authenticated attacker to obtain sensitive information, caused by improper laxist permissions on the temporary files. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/244033 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

CVEID:CVE-2022-46364
**DESCRIPTION:**Apache CXF is vulnerable to server-side request forgery, caused by a flaw in parsing the href attribute of XOP:Include in MTOM requests. By using a specially-crafted request, an attacker could exploit this vulnerability to conduct SSRF attack.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/242008 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

CVEID:CVE-2023-0482
**DESCRIPTION:**RESTEasy could allow a local authenticated attacker to gain elevated privileges on the system, caused by the creation of insecure temp files in the File.createTempFile() used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/246304 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)

CVEID:CVE-2023-24998
**DESCRIPTION:**Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the number of request parts to be processed in the file upload function. By sending a specially-crafted request with series of uploads, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/247895 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM i	7.5
IBM i	7.4
IBM i	7.3
IBM i	7.2

Remediation/Fixes

The issues can be fixed by applying a PTF to IBM i that will upgrade Liberty runtime to version 23.0.0.3.
IBM i releases 7.5, 7.4, 7.3, and 7.2 will be fixed.

The IBM i PTF numbers containing the fix for the CVEs.

IBM i Release	5770-SS1 Option 3 PTF	PTF Download Link
7.5	SI83113	<https://www.ibm.com/support/pages/ptf/SI83113>
7.4	SI83114	<https://www.ibm.com/support/pages/ptf/SI83114>
7.3	SI83115	<https://www.ibm.com/support/pages/ptf/SI83115>
7.2	SI83116	<https://www.ibm.com/support/pages/ptf/SI83116>

<https://www.ibm.com/support/fixcentral>

Important note: IBM recommends that all users running unsupported versions of affected products upgrade to supported and fixed version of affected products.

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmiMatch7.5.0

ibmiMatch7.4.0

ibmiMatch7.3.0

ibmiMatch7.2.0

ibmibm_i_7.5_preventative_service_planningMatch7.5.0

ibmibm_i_7.5_preventative_service_planningMatch7.4.0

ibmibm_i_7.5_preventative_service_planningMatch7.2.0

ibmibm_i_7.5_preventative_service_planningMatch7.3.0

CPENameOperatorVersion
ibm ieq7.5.0
ibm ieq7.4.0
ibm ieq7.3.0
ibm ieq7.2.0
ibm i 7.5 preventative service planningeq7.5.0
ibm i 7.4 preventative service planningeq7.4.0
ibm i 7.2 preventative service planningeq7.2.0
ibm i 7.3 preventative service planningeq7.3.0

Name	Operator	Version
ibm i	eq	7.5.0
ibm i	eq	7.4.0
ibm i	eq	7.3.0
ibm i	eq	7.2.0
ibm i 7.5 preventative service planning	eq	7.5.0
ibm i 7.4 preventative service planning	eq	7.4.0
ibm i 7.2 preventative service planning	eq	7.2.0
ibm i 7.3 preventative service planning	eq	7.3.0