IBM product suite (IBM Sterling File Gateway, IBM Sterling B2B Integrator, etc.) security update advisory
Overview
An update has been released to fix vulnerabilities in the IBM product family listed below. Users of affected versions are advised to update to the latest version.
Affected Products
CVE-2023-34149, CVE-2023-34396
- IBM Sterling File Gateway versions 6.0.0.0 through 6.0.3.8
- IBM Sterling File Gateway versions 6.1.0.0 through 6.1.0.7
- IBM Sterling File Gateway versions 6.1.1.0 through 6.1.2.3
CVE-2023-34455, CVE-2023-34453, CVE-2023-34454
- IBM Sterling B2B Integrator versions 6.0.0.0 through 6.0.3.8
- IBM Sterling B2B Integrator versions 6.1.0.0 through 6.1.0.7
- IBM Sterling B2B Integrator versions 6.1.1.0 through 6.1.2.3
CVE-2023-39323, CVE-2023-46750, CVE-2021-3765, CVE-2023-45133, CVE-2023-3978, CVE-2023-6378, CVE-2023-44487, CVE-2023-44981, CVE-2023-44483, CVE-2021-23382, CVE-2023-39913, CVE-2022-24999, CVE-2017-1000048, CVE-2018-1313, CVE-2020-28168, CVE-2020-15366, CVE-2022-0639, CVE-2022-0512, CVE-2020-8124, CVE-2021-3664, CVE-2021-27515, CVE-2022-0686, CVE-2022-0691, CVE-2023-26364, CVE-2021-44906, CVE-2020-7598, CVE-2023-42503, CVE-2020-24025, CVE-2018-11694, CVE-2018-20190, CVE-2018-20821, CVE-2018-19827, CVE-2018-19839, CVE-2019-6283, CVE-2019-6286, CVE-2018-19797, CVE-2018-11698, CVE-2023-39325, CVE-2022-46175
- IBM Planning Analytics Workspace version 2.0
CVE-2023-34623
- IBM Business Automation Workflow containers versions 23.0.1 through 23.0.1-IF003
- IBM Business Automation Workflow containers version 21.0.3
- IBM Business Automation Workflow containers versions 23.0.1, 22.0.1 through 22.0.2, 21.0.1 through 21.0.2, 20.0.0.1 through 20.0.0.2
- IBM Business Automation Workflow traditional version 21.0.3.1
- IBM Business Automation Workflow traditional versions 23.0.1, 22.0.1 through 22.0.2, 21.0.1 through 21.0.3.0, 20.0.0.1 through 20.0.0.2, 19.0.0.1 through 19.0.0.3, 18.0.0.1 through 18.0.0.3
CVE-2022-43842
- IBM Aspera Console versions 3.4.0 through 3.4.2 Patch Level 6
CVE-2010-3300
- IBM Sterling B2B Integrator versions 6.0.0.0 through 6.0.3.8
- IBM Sterling B2B Integrator versions 6.1.0.0 through 6.1.2.3
Resolved Vulnerabilities
Denial of service vulnerability in IBM Sterling File Gateway due to a flaw in Apache Struts, which handles setProperty() but not getProperty() (CVE-2023-34149)
Denial of Service Vulnerability due to unchecked chunk length in the snappy-java hasNextChunk function in IBM Sterling B2B Integrator (CVE-2023-34455)
Denial of Service Vulnerability due to an integer overflow in the snappy-java shuffle function in IBM Sterling B2B Integrator (CVE-2023-34453)
Denial of Service Vulnerability in snappy-java in IBM Sterling B2B Integrator due to an integer overflow in the compress function (CVE-2023-34454)
Arbitrary code execution vulnerability due to improper enforcement of line directive restrictions in the Golang Go “//go:cgo_” directive in IBM Planning Analytics Workspace (CVE-2023-39323)
Open redirect vulnerability when using Apache Shiro “form” authentication in IBM Planning Analytics Workspace (CVE-2023-46750)
Denial of Service Vulnerability in validator.js in IBM Planning Analytics Workspace due to a regular expression denial of service flaw in the rtrim function call (CVE-2021-3765)
Arbitrary code execution vulnerability due to a flaw in path.evaluate() or path.evaluateTruthy() in Babel in IBM Planning Analytics Workspace (CVE-2023-45133)
Cross-Site Scripting vulnerability due to improper validation of user-supplied input in the Golang html package in IBM Planning Analytics Workspace (CVE-2023-3978)
Denial of Service Vulnerability due to unhandled exceptions in Okio ZipSource in IBM Planning Analytics Workspace (CVE-2023-3635)
Denial of Service Vulnerability in QOS.ch Sarl Logback in IBM Planning Analytics Workspace due to a serialization flaw in the listener component (CVE-2023-6378)
Denial of service vulnerability in IBM Planning Analytics Workspace due to a multi-stream handling flaw in the HTTP/2 protocol (CVE-2023-44487)
Security restriction bypass vulnerability due to a flaw when SASL quorum peer authentication is enabled in Apache ZooKeeper in IBM Planning Analytics Workspace (CVE-2023-44981)
Information disclosure vulnerability due to private keys being written to log files when using the JSR 105 API in Apache Santuario in IBM Planning Analytics Workspace (CVE-2023-44483)
Denial of service vulnerability due to a regular expression denial of service (ReDoS) flaw in the getAnnotationURL() and loadAnnotation() functions in lib/previous-map.js in the Node.js postcss module in IBM Planning Analytics Workspace (CVE-2021-23382)
Arbitrary code execution vulnerability due to multiple insecure deserialization flaws in the Apache UIMA Java SDK in IBM Planning Analytics Workspace (CVE-2023-39913)
Denial of service vulnerability due to a prototype pollution flaw in the qs module used by Express.js in IBM Planning Analytics Workspace (CVE-2022-24999)
Denial of Service Vulnerability in Ljharb qs in IBM Planning Analytics Workspace (CVE-2017-1000048)
Security restriction bypass vulnerability due to improper validation of received network packets when using Apache Derby in IBM Planning Analytics Workspace (CVE-2018-1313)
Server-side request forgery vulnerability due to improper input validation in the Node.js axios module in IBM Planning Analytics Workspace (CVE-2020-28168)
Arbitrary code execution vulnerability due to a prototype pollution flaw in the ajv.validate function in Ajv in IBM Planning Analytics Workspace (CVE-2020-15366)
Security restriction bypass vulnerability due to incorrect conversion of the @ character in the protocol portion of an href when using the unshift.io url-parse module for NPM in IBM Planning Analytics Workspace (CVE-2022-0639)
Security restriction bypass vulnerability due to improper handling of usernames and passwords when using the unshift.io URL parsing module for NPM in IBM Planning Analytics Workspace (CVE-2022-0512)
Security restriction bypass vulnerability due to insufficient validation and sanitization of user input when using Node.js URL parsing in IBM Planning Analytics Workspace (CVE-2020-8124)
Vulnerability in IBM Planning Analytics Workspace when using url-parse that could allow phishing attacks due to incorrect handling of backslash “\” characters in URIs (CVE-2021-3664)
Information disclosure vulnerability in IBM Planning Analytics Workspace’s use of url-parse due to incorrect handling of certain backslash usage, such as http:\/ (CVE-2021-27515)
Security restriction bypass vulnerability when using the unshift.io URL parsing module for NPM in IBM Planning Analytics Workspace because the correct hostname is not identified when the URL contains no port number (CVE-2022-0686)
Security restriction bypass vulnerability due to improper validation of the \b (backspace) character when using the unshift.io URL parsing module for NPM in IBM Planning Analytics Workspace (CVE-2022-0691)
Denial of service vulnerability due to a regular expression denial of service flaw in the Node.js @adobe/css-tools module in IBM Planning Analytics Workspace (CVE-2023-26364)
Arbitrary code execution vulnerability due to prototype pollution in the setKey() function in the index.js script of the Node.js minimist module in IBM Planning Analytics Workspace (CVE-2021-44906)
Security weakening vulnerability due to a prototype pollution flaw in minimist in IBM Planning Analytics Workspace (CVE-2020-7598)
Denial of Service Vulnerability due to improper input validation in Apache Commons Compress in IBM Planning Analytics Workspace (CVE-2023-42503)
Security restriction bypass vulnerability in node-sass in IBM Planning Analytics Workspace due to certificate validation being disabled when requesting binaries, even when the user does not specify an alternate download path (CVE-2020-24025)
Denial of service vulnerability due to a NULL pointer dereference in the Sass::Functions::selector_append function in LibSass in IBM Planning Analytics Workspace (CVE-2018-11694)
Denial of service vulnerability due to NULL pointer dereference in the Sass::Eval::operator() function in eval.cpp in LibSass in IBM Planning Analytics Workspace (CVE-2018-20190)
Denial of service vulnerability due to uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp in LibSass in IBM Planning Analytics Workspace (CVE-2018-20821)
Denial of service vulnerability due to use after free in the SharedPtr class in SharedPtr.cpp in Libsass in IBM Planning Analytics Workspace (CVE-2018-19827)
Denial of service vulnerability due to a heap-based buffer overread in the handler_error function in LibSass sass_context.cpp in IBM Planning Analytics Workspace (CVE-2018-19839)
Denial of service vulnerability due to a heap-based buffer over-read in Sass::Prelexer::parenthese_scope in LibSass prelexer.hpp in IBM Planning Analytics Workspace (CVE-2019-6283)
Denial of service vulnerability due to heap-based buffer overread in Sass::Prelexer::skip_over_scopes in LibSass prelexer.hpp in IBM Planning Analytics Workspace (CVE-2019-6286)
Denial of service vulnerability due to a NULL pointer dereference in the Sass::Selector_List::populate_extends function in SharedPtr.hpp in LibSass in IBM Planning Analytics Workspace (CVE-2018-19797)
Information disclosure vulnerability due to an out-of-bounds read of a memory region in the Sass::handle_error function in LibSass in IBM Planning Analytics Workspace (CVE-2018-11698)
Denial of service vulnerability due to an uncontrolled resource consumption flaw in the Golang Go net/http and x/net/http2 packages in IBM Planning Analytics Workspace (CVE-2023-39325)
Arbitrary code execution vulnerability due to a prototype pollution flaw in the parse method when using JSON5 in IBM Planning Analytics Workspace (CVE-2022-46175)
Denial of Service Vulnerability due to an out-of-bounds write error in jtidy in IBM Business Automation Workflow (CVE-2023-34623)
Information disclosure vulnerability in IBM Sterling B2B Integrator when using OWASP ESAPI for Java, allowing a remote attacker to obtain sensitive information through a padding oracle attack (CVE-2010-3300)
Vulnerability Patches
Vulnerability patches were made available in the February 2024 update. Update to the patched versions listed below, following the instructions on the referenced sites.
CVE-2023-34149, CVE-2023-34396
- IBM Sterling File Gateway version 6.0.3.9
- IBM Sterling File Gateway versions 6.1.0.8, 6.1.2.5, 6.2.0.0
CVE-2023-34455, CVE-2023-34453, CVE-2023-34454
- IBM Sterling B2B Integrator version 6.0.3.9
- IBM Sterling B2B Integrator versions 6.1.0.8, 6.1.2.5, 6.2.0.0
CVE-2023-39323, CVE-2023-46750, CVE-2021-3765, CVE-2023-45133, CVE-2023-3978, CVE-2023-6378, CVE-2023-44487, CVE-2023-44981, CVE-2023-44483, CVE-2021-23382, CVE-2023-39913, CVE-2022-24999, CVE-2017-1000048, CVE-2018-1313, CVE-2020-28168, CVE-2020-15366, CVE-2022-0639, CVE-2022-0512, CVE-2020-8124, CVE-2021-3664, CVE-2021-27515, CVE-2022-0686, CVE-2022-0691, CVE-2023-26364, CVE-2021-44906, CVE-2020-7598, CVE-2023-42503, CVE-2020-24025, CVE-2018-11694, CVE-2018-20190, CVE-2018-20821, CVE-2018-19827, CVE-2018-19839, CVE-2019-6283, CVE-2019-6286, CVE-2018-19797, CVE-2018-11698, CVE-2023-39325, CVE-2022-46175
- see the “Remediation/Fixes” section of the reference site [3] and the contents of the reference site [4]
CVE-2023-34623
- see the “Remediation/Fixes” section of the reference site [5]
CVE-2022-43842
- IBM Aspera Console 3.4.2 Patch Level version (see the reference site [6])
CVE-2010-3300
- IBM Sterling B2B Integrator version 6.0.3.9
- IBM Sterling B2B Integrator versions 6.1.2.5, 6.2.0.0
Referenced Sites
[1] Security Bulletin: Due to use of Apache Struts, IBM Sterling File Gateway is affected by denial of service vulnerabilities (CVE-2023-34149, CVE-2023-34396)
https://www.ibm.com/support/pages/node/7116073
[2] Security Bulletin: IBM Sterling B2B Integrator affected by multiple vulnerabilities due to snappy-java
https://www.ibm.com/support/pages/node/7116082
[3] Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilities in multiple Open Source Software (OSS) components
https://www.ibm.com/support/pages/node/7112503
[4] Download IBM Planning Analytics Local v2.0: Planning Analytics Workspace Release 93 from Fix Central
https://www.ibm.com/support/pages/node/7118705
[5] Security Bulletin: Denial of Service vulnerability affect IBM Business Automation Workflow – CVE-2023-34623
https://www.ibm.com/support/pages/node/7122720
[6] Security Bulletin: IBM Aspera Console 3.4.2 PL7 has addressed a SQL injection vulnerability (CVE-2022-43842)
https://www.ibm.com/support/pages/node/7122632
[7] Security Bulletin: IBM Sterling B2B Integrator is vulnerable to information disclosure due to OWASP ESAPI (CVE-2010-3300)
https://www.ibm.com/support/pages/node/7116078