Rewterz Threat Alert – ALPHV Ransomware Gang Stole Over $300 Million from More Than 1000 Victims
December 22, 2023
Rewterz Threat Advisory – Multiple IBM UrbanCode Deploy Vulnerabilities
December 22, 2023
Severity
Medium
Analysis Summary
CVE-2023-40691 CVSS:4.9
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 may reveal sensitive information contained in application configuration to developer and administrator users.
CVE-2023-46177 CVSS:6.5
IBM MQ Appliance 9.3 LTS and 9.3 CD could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request to view arbitrary files on the system.
CVE-2023-45172 CVSS:6.2
IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in AIX Windows to cause a denial of service.
CVE-2023-35895 CVSS:6.3
IBM Informix JDBC Driver 4.10 and 4.50 are susceptible to a remote code execution attack via JNDI injection when an unchecked argument is passed to a certain API.
Impact
- Denial of Service
- Information Disclosure
- Cross-Site Scripting
Indicators Of Compromise
CVE
- CVE-2023-40691
- CVE-2023-46177
- CVE-2023-45172
- CVE-2023-35895
Affected Vendors
IBM
Affected Products
- IBM AIX 7.2
- IBM VIOS 3.1
- IBM AIX 7.3
- IBM Cloud Pak for Business Automation 18.0.0
- IBM Cloud Pak for Business Automation 18.0.1
- IBM Cloud Pak for Business Automation 18.0.2
- IBM Cloud Pak for Business Automation 19.0.1
- IBM Cloud Pak for Business Automation 19.0.2
- IBM Cloud Pak for Business Automation 19.0.3
- IBM Cloud Pak for Business Automation 20.0.1
- IBM Cloud Pak for Business Automation 20.0.2
- IBM Cloud Pak for Business Automation 20.0.3
- IBM Cloud Pak for Business Automation 21.0.1
- IBM Cloud Pak for Business Automation 21.0.3
- IBM MQ Appliance 9.3 CD
- IBM MQ Appliance 9.3 LTS
- IBM Cloud Pak for Business Automation 22.0.2
- IBM Cloud Pak for Business Automation 23.0.1
- IBM Informix JDBC 4.10
- IBM Informix JDBC 4.50
Remediation
Refer to the IBM Security Advisory for patch, upgrade, or suggested workaround information.