Security Vulnerabilities in IBM Products: Critical CVEs in the Second Half of August

Technology giant IBM offers a wide range of products and services to the business world, and a software ecosystem of that size inevitably carries security risk. This article gives a general overview of the critical Common Vulnerabilities and Exposures (CVEs) published for IBM products in the second half of August. They span several classes, including Cross-site Scripting (XSS), Command Injection and Denial of Service (DoS), and affect a number of different IBM products.


IBM Security Guardium:
1. CVE-2023-30436 (Cross-site Scripting):
  • Type: Cross-site Scripting (XSS)

  • Affected Versions: Guardium 11.3, 11.4, 11.5

  • Description: This vulnerability allows an attacker to inject malicious script into web pages that are then viewed by other users.

2. CVE-2022-43907 (Remote Code Execution):
  • Type: Remote Code Execution

  • Affected Versions: Guardium 11.3, 11.4, 11.5

  • Description: This critical vulnerability enables remote attackers to execute arbitrary code on the affected system.

3. CVE-2022-43909 (Cross-site Scripting):
  • Type: Cross-site Scripting (XSS)

  • Affected Versions: Guardium 11.3, 11.4, 11.5

  • Description: Similar to CVE-2023-30436, this vulnerability allows malicious script to be injected into pages viewed by other users.

IBM InfoSphere Information Server:
1. CVE-2023-23473 (Cross-site Request Forgery):
  • Type: Cross-site Request Forgery (CSRF)

  • Affected Versions: 11.7

  • Description: In a CSRF attack, a user's browser is tricked into sending requests to the application, so that actions are performed in the user's name without their knowledge.

2. CVE-2023-22877 (CSV Injection):
  • Type: CSV Injection

  • Affected Versions: 11.7

  • Description: This vulnerability concerns untrusted data written into exported CSV files, which spreadsheet software may interpret as formulas, potentially leading to code execution on the machine that opens the file.
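The usual mitigation for CSV injection is to neutralize any cell whose text begins with a formula trigger before it is written to the export. The following is an added example, not code from IBM or from this article; the function and product names, and the sample rows, are constructed for illustration.

```python
import csv
import io

# Leading characters that common spreadsheet applications treat as the start
# of a formula (tab and carriage return are included because some products
# honour them as well).
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")

def looks_like_formula(value):
    """True if a string value would be interpreted as a formula when opened
    in a spreadsheet. Useful for flagging suspicious input on the way in."""
    return isinstance(value, str) and value.startswith(FORMULA_TRIGGERS)

def neutralize_cell(value):
    """Return a string that is safe to place in a CSV cell.

    Genuine numbers are written as-is, so a negative amount such as -5 is not
    mangled. Any string that starts with a formula trigger is prefixed with a
    single quote, which makes spreadsheet software treat it as plain text.
    """
    if isinstance(value, bool):
        return str(value)
    if isinstance(value, (int, float)):
        return str(value)
    text = "" if value is None else str(value)
    if looks_like_formula(text):
        return "'" + text
    return text

def export_rows(rows):
    """Serialize rows to CSV text with every cell neutralized and quoted.

    QUOTE_ALL keeps embedded commas, quotes and newlines inside their cell, so
    a value cannot break out into a neighbouring cell or row.
    """
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for row in rows:
        writer.writerow([neutralize_cell(cell) for cell in row])
    return buf.getvalue()

if __name__ == "__main__":
    # Constructed sample: one ordinary user record and one whose display
    # name was chosen to be parsed as a formula.
    sample = [
        ["username", "display_name", "balance"],
        ["alice", "Alice Example", -5],
        ["mallory", "=SUM(1,2)", 0],
    ]
    print(export_rows(sample))
```

Apply the neutralization at the export boundary rather than at input time: the same string may be perfectly harmless in a web page and dangerous only once it lands in a spreadsheet, and rewriting it on input would corrupt legitimate data such as phone numbers beginning with "+".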

IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager - GCKM):
1. CVE-2023-26270 (Angular Template Injection):
  • Type: Angular Template Injection

  • Affected Versions: 1.10.3

  • Description: This vulnerability may carry the risk of executing arbitrary code within Angular templates.

2. CVE-2023-26271 (Inadequate Account Lockout Setting):
  • Type: Inadequate Account Lockout Setting

  • Affected Versions: 1.10.3

  • Description: This vulnerability may impact account security through inadequate lockout settings.
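An account lockout setting is only as good as the policy behind it: failed attempts must be counted within a window, the account must stay locked for a defined period, and the counter must reset on a successful login. The following is an added example of such a policy, not code from IBM or from this article; the class and parameter names are assumptions and the thresholds are illustrative defaults.

```python
import time
from collections import defaultdict, deque

class ManualClock:
    """Injectable clock so the policy can be exercised without sleeping."""
    def __init__(self):
        self.now = 0.0
    def __call__(self):
        return self.now

class LockoutPolicy:
    """Lock an account after too many failed logins inside a sliding window."""

    def __init__(self, max_failures=5, window_seconds=900,
                 lockout_seconds=900, clock=time.monotonic):
        self.max_failures = max_failures
        self.window = window_seconds
        self.lockout = lockout_seconds
        self.clock = clock
        self._failures = defaultdict(deque)  # account -> recent failure times
        self._locked_until = {}              # account -> unlock time

    def _prune(self, account, now):
        # Drop failures that fell outside the sliding window.
        recent = self._failures[account]
        while recent and now - recent[0] > self.window:
            recent.popleft()

    def is_locked(self, account):
        now = self.clock()
        until = self._locked_until.get(account)
        if until is None:
            return False
        if now >= until:
            # Lockout expired: release the account and start counting afresh.
            del self._locked_until[account]
            self._failures[account].clear()
            return False
        return True

    def record_failure(self, account):
        """Register a failed attempt. Returns True if the account is now locked."""
        now = self.clock()
        if self.is_locked(account):
            return True
        self._prune(account, now)
        self._failures[account].append(now)
        if len(self._failures[account]) >= self.max_failures:
            self._locked_until[account] = now + self.lockout
            return True
        return False

    def record_success(self, account):
        # A genuine login clears the failure history for that account.
        self._failures[account].clear()

def attempt_login(policy, account, credentials_valid):
    """Decide a login outcome: 'locked', 'denied' or 'ok'.

    The policy is checked before the credentials are evaluated so that a locked
    account cannot be probed, and a failure is recorded on every wrong password.
    """
    if policy.is_locked(account):
        return "locked"
    if not credentials_valid:
        policy.record_failure(account)
        return "locked" if policy.is_locked(account) else "denied"
    policy.record_success(account)
    return "ok"

if __name__ == "__main__":
    clock = ManualClock()
    policy = LockoutPolicy(max_failures=3, window_seconds=60,
                           lockout_seconds=120, clock=clock)
    for _ in range(3):
        print(attempt_login(policy, "alice", credentials_valid=False))
    clock.now = 121
    print(attempt_login(policy, "alice", credentials_valid=True))
```

Two details matter in practice. The window is sliding, so a slow trickle of failures spaced further apart than `window_seconds` never reaches the threshold, which is the behaviour an attacker will try to exploit and why the window should be long enough to catch it. And the `locked` response should look identical for accounts that do not exist, otherwise the lockout logic itself becomes a way to enumerate valid usernames.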

3. CVE-2023-26272 (Sensitive Information Disclosure):
  • Type: Sensitive Information Disclosure

  • Affected Versions: 1.10.3

  • Description: This vulnerability could potentially lead to the exposure of sensitive information.

IBM Robotic Process Automation:
1. CVE-2023-38734 (Incorrect Privilege Assignment):
  • Type: Incorrect Privilege Assignment

  • Affected Versions: 21.0.0 - 21.0.7.1, 23.0.0 - 23.0.1

  • Description: This vulnerability could result in unauthorized access due to incorrect privilege assignments.

2. CVE-2023-38733 (Information Disclosure):
  • Type: Information Disclosure

  • Affected Versions: 21.0.0 - 21.0.7.1, 23.0.0 - 23.0.1

  • Description: Information disclosure vulnerabilities may reveal sensitive data to unauthorized users.

3. CVE-2023-40370 (Information Disclosure):
  • Type: Information Disclosure

  • Affected Versions: 21.0.0 - 21.0.7.1

  • Description: Another information disclosure vulnerability affecting specific versions of IBM Robotic Process Automation.

IBM TXSeries:
1. CVE-2023-38721 (Denial of Service):
  • Type: Denial of Service (DoS)

  • Affected Versions: not listed in this summary; see the National Vulnerability Database entry for CVE-2023-38721.

  • Description: Denial of Service vulnerabilities can disrupt the normal operation of software or systems.

2. CVE-2023-38741 (Denial of Service):
  • Type: Denial of Service (DoS)

  • Affected Versions: not listed in this summary; see the National Vulnerability Database entry for CVE-2023-38741.

  • Description: Another DoS vulnerability affecting IBM TXSeries.

IBM Robotic Process Automation 21.0.0 - 21.0.7:
1. CVE-2023-38732 (Sensitive Information Disclosure in Application Logs):
  • Type: Sensitive Information Disclosure

  • Affected Versions: 21.0.0 - 21.0.7

  • Description: This vulnerability could expose sensitive information through application logs.


These CVEs emphasize the importance of keeping IBM products up-to-date and promptly applying relevant security patches. IBM's efforts to address these vulnerabilities are crucial for maintaining the security and integrity of their products in today's ever-changing threat landscape. Organizations using IBM solutions should stay informed about security updates and take proactive measures to protect their systems and data.

Aurora_Feniks

I have extensive experience working on various projects within the IT field, which has provided me with a comprehensive understanding of all areas related to information technology. My expertise in cyber security and my hands-on experience with current scenarios have given me a well-rounded perspective on security issues.
