Rewterz Threat Alert – CaddyWipper Ransomware – Active IOCs
March 15, 2022Rewterz Threat Advisory – Multiple Apache HTTP Server Vulnerabilities
March 15, 2022Severity
Medium
Analysis Summary
CVE-2021-38971
IBM Data Virtualization on Cloud Pak for Data 1.3.0, 1.4.1, 1.5.0, 1.7.1, and 1.7.3 could allow an authorized user to bypass data masking rules and obtain sensitive information.
CVE-2021-39051
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to server-side request forgery, caused by improper input of application server registration function. A remote attacker could exploit this vulnerability using the host address and port fields of the application server registration form in the portal UI to enumerate and attack services that are running on those hosts.
CVE-2021-39055
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2022-22344
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.
CVE-2022-22346
IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
CVE-2022-22348
IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to reverse tabnabbing where it could allow a page linked to from within Operations Center to rewrite it. An administrator could enter a link to a malicious URL that another administrator could then click. Once clicked, that malicious URL could then rewrite the original page with a phishing page.
CVE-2022-22353
IBM Big SQL on IBM Cloud Pak for Data 7.1.0, 7.1.1, 7.2.0, and 7.2.3 could allow an authenticated user with appropriate permissions to obtain sensitive information by bypassing data masking rules using a CREATE TABLE SELECT statement.
CVE-2022-22354
IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to reverse tabnabbing where it could allow a page linked to from within Operations Center to rewrite it. An administrator could enter a link to a malicious URL that another administrator could then click. Once clicked, that malicious URL could then rewrite the original page with a phishing page.
Impact
- Information Disclosure
- Unauthorized Access
- Cross-Site Scripting
- Denial of Service
Indicators of Compromise
CVE
- CVE-2021-38971
- CVE-2021-39051
- CVE-2021-39055
- CVE-2022-22344
- CVE-2022-22348
- CVE-2022-22353
- CVE-2022-22354
Affected Vendors
IBM
Affected Products
- IBM Data Virtualization on Cloud Pak for Data 1.3.0
- IBM Data Virtualization on Cloud Pak for Data 1.5.0
- IBM Data Virtualization on Cloud Pak for Data 1.7.1
- IBM Data Virtualization on Cloud Pak for Data 1.7.3
- IBM Spectrum Copy Data Management 2.2.0.0
- IBM Spectrum Copy Data Management 2.2.14.3
- IBM Spectrum Protect Operations Center 8.1.0.000
- IBM Spectrum Protect Operations Center 8.1.13
- IBM Big SQL on Cloud Pak for Data 7.1.0
- IBM Big SQL on Cloud Pak for Data 7.1.1
- IBM Big SQL on Cloud Pak for Data 7.2.0
- IBM Big SQL on Cloud Pak for Data 7.2.3
- IBM Spectrum Protect Plus 10.1.0.0
- IBM Spectrum Protect Plus 10.1.9.2
Remediation
Refer to IBM Security Advisory for the patch, upgrade, or suggested workaround information.
CVE-2021-38971
CVE-2021-39051
CVE-2021-39055
CVE-2022-22344
CVE-2022-22348
CVE-2022-22353
CVE-2022-22354