-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.4753
          Security Bulletin: IBM Cognos Business Intelligence has
                     addressed multiple vulnerabilities
                             20 December 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM Cognos Business Intelligence
Publisher:         IBM
Operating System:  UNIX variants (UNIX, Linux, OSX)
                   Windows
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Increased Privileges            -- Remote/Unauthenticated
                   Modify Arbitrary Files          -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
                   Provide Misleading Information  -- Remote/Unauthenticated
                   Access Confidential Data        -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-11771 CVE-2019-4473 CVE-2019-4046
                   CVE-2019-2989 CVE-2019-2983 CVE-2019-2981
                   CVE-2019-2978 CVE-2019-2973 CVE-2019-2964
                   CVE-2019-2816 CVE-2019-2769 CVE-2019-2762
                   CVE-2019-2602 CVE-2019-2426 CVE-2018-12547
                   CVE-2018-11784 CVE-2018-8039 CVE-2018-3180
                   CVE-2018-3139 CVE-2018-1934 CVE-2018-1902
                   CVE-2018-1890 CVE-2018-1305 CVE-2018-1304
                   CVE-2018-0734 CVE-2017-15422 CVE-2017-14952
                   CVE-2017-12626 CVE-2016-7415 CVE-2014-9654
                   CVE-2014-7926 CVE-2014-7923 CVE-2013-0004
                   CVE-2012-0163 CVE-2012-0161 CVE-2012-0160
                   CVE-2011-4599 CVE-2009-3126 CVE-2009-2504
                   CVE-2009-2503 CVE-2009-2502 CVE-2009-2501
                   CVE-2009-0090  

Reference:         ESB-2019.4748
                   ESB-2019.4582

Original Bulletin: 
   https://www.ibm.com/support/pages/node/1142626

- --------------------------BEGIN INCLUDED TEXT--------------------

IBM Cognos Business Intelligence has addressed multiple vulnerabilities

Security Bulletin

Summary

There are multiple vulnerabilities in IBM Runtime Environment Java Version 7
used by IBM Cognos Business Intelligence. These issues were disclosed as part
of the IBM Java SDK updates in October 2018, January 2019, April 2019, July
2019 and October 2019. IBM Cognos Business Intelligence has addressed the
applicable CVEs. Vulnerabilities have also been addressed in the following
third-party software components consumed by IBM Cognos Business Intelligence:
IBM WebSphere Liberty, OpenSSL, Apache HTTP Server, Apache POI, Microsoft C++
Runtime Library and ICU for C++. An XSRF vulnerability in IBM Cognos Business
Intelligence itself (CVE-2018-1934) has also been addressed.

Vulnerability Details

CVEID: CVE-2019-4046
DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is
vulnerable to a denial of service, caused by improper handling of request
headers. A remote attacker could exploit this vulnerability to cause the
consumption of Memory. IBM X-Force ID: 156242.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
156242 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2018-3139
DESCRIPTION: An unspecified vulnerability related to the Java SE Networking
component could allow an unauthenticated attacker to obtain sensitive
information resulting in a low confidentiality impact using unknown attack
vectors.
CVSS Base score: 3.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
151455 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)

CVEID: CVE-2018-3180
DESCRIPTION: An unspecified vulnerability related to the Java SE JSSE component
could allow an unauthenticated attacker to cause low confidentiality impact,
low integrity impact, and low availability impact.
CVSS Base score: 5.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
151497 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2018-1934
DESCRIPTION: IBM Cognos Business Intelligence is vulnerable to cross-site
request forgery which could allow an attacker to execute malicious and
unauthorized actions transmitted from a user that the website trusts.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
153179 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)

CVEID: CVE-2018-1305
DESCRIPTION: Security constraints defined by annotations of Servlets in Apache
Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to
7.0.84 were only applied once a Servlet had been loaded. Because security
constraints defined in this way apply to the URL pattern and any URLs below
that point, it was possible - depending on the order Servlets were loaded - for
some security constraints not to be applied. This could have exposed resources
to users who were not authorised to access them.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
139475 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

CVEID: CVE-2018-1304
DESCRIPTION: The URL pattern of "" (the empty string) which exactly maps to the
context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4,
8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a
security constraint definition. This caused the constraint to be ignored. It
was, therefore, possible for unauthorised users to gain access to web
application resources that should have been protected. Only security
constraints with a URL pattern of the empty string were affected.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
139476 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
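
The two Tomcat entries above both come down to how a security constraint's
url-pattern is matched against a request. The following Python is an added
illustration, not Tomcat code and not part of the IBM bulletin: it implements
the url-pattern precedence rules of the Servlet specification (exact match,
longest "/prefix/*", "*.ext", then the default "/"), including the "" pattern
that maps exactly to the context root. The honour_empty_pattern=False switch
reproduces the affected behaviour described for CVE-2018-1304, where a
constraint declared on the empty pattern was silently ignored. The sample
constraints, paths and roles are constructed.

```python
"""Servlet-style security-constraint matching, including the "" (context-root)
pattern. Added illustration of CVE-2018-1304; this is not Tomcat code.

Servlet spec url-pattern rules: "" matches only the context root, "/" is the
default mapping, "/x/*" is a path-prefix mapping, "*.ext" is an extension
mapping, and anything else is an exact match.
"""
from typing import Iterable, List, Set, Tuple

# (url-pattern, roles allowed). An empty role set models an empty
# <auth-constraint/>, which denies everyone. Constructed sample config.
Constraint = Tuple[str, Set[str]]

SAMPLE_CONSTRAINTS: List[Constraint] = [
    ("", {"admin"}),               # protect the context root itself
    ("/admin/*", {"admin"}),
    ("*.jsp", {"user", "admin"}),
]


def pattern_kind(pattern: str) -> str:
    if pattern == "/":
        return "default"
    if pattern.endswith("/*"):
        return "prefix"
    if pattern.startswith("*."):
        return "extension"
    return "exact"                 # includes "" (context root)


def pattern_matches(pattern: str, path: str) -> bool:
    """`path` is relative to the context root: "" or "/" for the root itself."""
    if pattern == "":
        # The empty pattern maps exactly to the context root. Treating it as a
        # prefix would match everything; dropping it (the affected behaviour)
        # matches nothing, so the constraint is lost.
        return path in ("", "/")
    kind = pattern_kind(pattern)
    if kind == "default":
        return True
    if kind == "prefix":
        base = pattern[:-2]
        return path == base or path.startswith(base + "/")
    if kind == "extension":
        return path.endswith(pattern[1:])
    return path == pattern


def select_constraints(constraints: Iterable[Constraint], path: str,
                       honour_empty_pattern: bool = True) -> List[Constraint]:
    """Constraints on the best-matching pattern, per servlet-spec precedence:
    exact match, then the longest prefix mapping, then extension, then default.
    honour_empty_pattern=False skips the "" pattern, reproducing the affected
    Tomcat versions, where that constraint was ignored."""
    cs = [c for c in constraints if honour_empty_pattern or c[0] != ""]
    for kind in ("exact", "prefix", "extension", "default"):
        hits = [c for c in cs
                if pattern_kind(c[0]) == kind and pattern_matches(c[0], path)]
        if hits:
            if kind == "prefix":
                longest = max(len(c[0]) for c in hits)
                hits = [c for c in hits if len(c[0]) == longest]
            return hits
    return []


def is_authorized(constraints: Iterable[Constraint], path: str,
                  user_roles: Iterable[str],
                  honour_empty_pattern: bool = True) -> bool:
    applicable = select_constraints(constraints, path, honour_empty_pattern)
    if not applicable:
        return True                       # unconstrained resource
    if any(not roles for _, roles in applicable):
        return False                      # empty <auth-constraint/>: nobody
    allowed = set().union(*(roles for _, roles in applicable))
    return "*" in allowed or bool(allowed & set(user_roles))


if __name__ == "__main__":
    for honour in (True, False):
        ok = is_authorized(SAMPLE_CONSTRAINTS, "", [], honour)
        print(f"context root, anonymous, empty pattern honoured={honour}: "
              f"{'allowed' if ok else 'denied'}")
```

The practical check this suggests: after patching, request the bare context
root (and any other path covered only by a "" pattern) without credentials and
confirm the container answers 401/403 rather than serving the resource.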

CVEID: CVE-2019-2964
DESCRIPTION: An unspecified vulnerability in Java SE related to the Concurrency
component could allow an unauthenticated attacker to cause a denial of service
resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
169270 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-2973
DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP
component could allow an unauthenticated attacker to cause a denial of service
resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
169279 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-2978
DESCRIPTION: An unspecified vulnerability in Java SE related to the Networking
component could allow an unauthenticated attacker to cause a denial of service
resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
169284 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-2981
DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP
component could allow an unauthenticated attacker to cause a denial of service
resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
169287 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-2983
DESCRIPTION: An unspecified vulnerability in Java SE related to the
Serialization component could allow an unauthenticated attacker to cause a
denial of service resulting in a low availability impact using unknown attack
vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
169289 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-2989
DESCRIPTION: An unspecified vulnerability in Java SE could allow an
unauthenticated attacker to cause no confidentiality impact, high integrity
impact, and no availability impact.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
169295 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N)

CVEID: CVE-2019-2816
DESCRIPTION: An unspecified vulnerability related to the Java SE Networking
component could allow an unauthenticated attacker to cause low confidentiality
impact, low integrity impact, and no availability impact.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
163878 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID: CVE-2019-2762
DESCRIPTION: An unspecified vulnerability related to the Java SE Utilities
component could allow an unauthenticated attacker to cause a denial of service
resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
163826 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-2769
DESCRIPTION: An unspecified vulnerability related to the Java SE Utilities
component could allow an unauthenticated attacker to cause a denial of service
resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
163832 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-4473
DESCRIPTION: Multiple binaries in IBM SDK, Java Technology Edition 7, 7R, and 8
on the AIX platform use insecure absolute RPATHs, which may facilitate code
injection and privilege elevation by local users. IBM X-Force ID: 163984.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
163984 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2019-11771
DESCRIPTION: AIX builds of Eclipse OpenJ9 before 0.15.0 contain unused RPATHs
which may facilitate code injection and privilege elevation by local users.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
163989 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2018-1890
DESCRIPTION: IBM SDK, Java Technology Edition Version 8 on the AIX platform
uses absolute RPATHs which may facilitate code injection and privilege
elevation by local users. IBM X-Force ID: 152081.
CVSS Base score: 5.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
152081 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L)
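
The three RPATH entries above (CVE-2019-4473, CVE-2019-11771 and CVE-2018-1890)
share one root cause: a library search path baked into a binary that points at
a directory a local user can create or write to. The Python below is an added
example, not IBM or OpenJ9 tooling, for auditing such a path string. It takes
the colon-separated path as printed by `readelf -d` on ELF ("Library rpath:
[...]" or "Library runpath: [...]") or, on AIX, the PATH column of the first
Import File Strings entry printed by `dump -H`, and classifies each element.
The filesystem probe is injectable; the sample filesystem snapshot and readelf
output are constructed.

```python
"""Audit the library search path baked into a binary for entries a local user
could hijack. Added example for the AIX RPATH issues above; this is not IBM or
OpenJ9 tooling. Input: the colon-separated path string from `readelf -d`
(ELF RPATH/RUNPATH) or AIX `dump -H` (PATH of the first import entry).
"""
import os
import re
import stat
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# path -> (st_mode, st_uid), or None if the path does not exist
Probe = Callable[[str], Optional[Tuple[int, int]]]


@dataclass
class Finding:
    entry: str
    risk: str        # "ok", "empty", "relative", "origin", "hijackable"
    detail: str


def default_probe(path: str) -> Optional[Tuple[int, int]]:
    try:
        st = os.stat(path)
    except OSError:
        return None
    return st.st_mode, st.st_uid


def others_can_write(mode: int, uid: int) -> bool:
    # Non-root owner, or world-writable. The sticky bit does not help here: it
    # stops deleting other users' files, not creating new ones.
    return uid != 0 or bool(mode & stat.S_IWOTH)


def nearest_existing_ancestor(path: str, probe: Probe) -> Tuple[str, Tuple[int, int]]:
    parent = os.path.dirname(path.rstrip("/")) or "/"
    while True:
        info = probe(parent)
        if info is not None:
            return parent, info
        nxt = os.path.dirname(parent)
        if nxt == parent:                 # nothing found; assume root-owned "/"
            return "/", (0o40755, 0)
        parent = nxt


def audit_library_path(libpath: str, probe: Probe = default_probe) -> List[Finding]:
    out: List[Finding] = []
    for entry in libpath.split(":"):
        if entry == "":
            out.append(Finding(entry, "empty", "empty element = current working directory"))
        elif entry.startswith("$ORIGIN"):
            out.append(Finding(entry, "origin", "relative to the binary's own directory"))
        elif not entry.startswith("/"):
            out.append(Finding(entry, "relative", "resolved against the caller's CWD"))
        elif (info := probe(entry)) is not None:
            mode, uid = info
            if others_can_write(mode, uid):
                out.append(Finding(entry, "hijackable", f"exists, uid={uid} mode={oct(mode & 0o7777)}"))
            else:
                out.append(Finding(entry, "ok", "exists, root-owned, not world-writable"))
        else:
            anc, (mode, uid) = nearest_existing_ancestor(entry, probe)
            if others_can_write(mode, uid):
                out.append(Finding(entry, "hijackable", f"absent; a local user can create it under {anc}"))
            else:
                out.append(Finding(entry, "ok", f"absent and {anc} is not writable by others"))
    return out


def libpath_from_readelf(text: str) -> str:
    """Pull the RPATH/RUNPATH string out of `readelf -d` output ("" if none)."""
    m = re.search(r"Library r(?:un)?path: \[([^\]]*)\]", text)
    return m.group(1) if m else ""


def risk_by_entry(libpath: str, probe: Probe = default_probe) -> Dict[str, str]:
    return {f.entry: f.risk for f in audit_library_path(libpath, probe)}


def risky_entries(libpath: str, probe: Probe = default_probe) -> List[str]:
    return [f.entry for f in audit_library_path(libpath, probe) if f.risk != "ok"]


# Constructed data standing in for os.stat() results and for readelf output.
SAMPLE_FS = {
    "/": (0o40755, 0), "/usr": (0o40755, 0), "/usr/lib": (0o40755, 0),
    "/opt": (0o40755, 0), "/opt/build": (0o40777, 0),        # world-writable
    "/tmp": (0o41777, 0),                                    # world-writable, sticky
    "/home": (0o40755, 0), "/home/jdev": (0o40755, 1001),    # owned by an ordinary user
}
SAMPLE_READELF = (
    " 0x000000000000000f (RPATH)              Library rpath: "
    "[/usr/lib:/opt/build/lib:/tmp/j9lib:/home/jdev/lib:lib::/usr/lib/missing]\n"
)


def sample_probe(path: str) -> Optional[Tuple[int, int]]:
    return SAMPLE_FS.get(path)


if __name__ == "__main__":
    for f in audit_library_path(libpath_from_readelf(SAMPLE_READELF), sample_probe):
        print(f"{f.risk:10} {f.entry!r:22} {f.detail}")
```

The absent-directory case is the one that matters for leftover build-machine
paths: the directory need not exist on the target for the entry to be
dangerous, only its nearest existing ancestor needs to be writable by someone
other than root.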

CVEID: CVE-2018-12547
DESCRIPTION: Eclipse OpenJ9 is vulnerable to a buffer overflow, caused by
improper bounds checking by the jio_snprintf() and jio_vsnprintf() functions. By
sending an overly long argument, a remote attacker could overflow a buffer and
execute arbitrary code on the system or cause the application to crash.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
157512 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2019-2426
DESCRIPTION: An unspecified vulnerability related to the Java SE Networking
component could allow an unauthenticated attacker to obtain sensitive
information resulting in a low confidentiality impact using unknown attack
vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
155744 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2018-8039
DESCRIPTION: It is possible to configure Apache CXF to use the com.sun.net.ssl
implementation via 'System.setProperty("java.protocol.handler.pkgs",
"com.sun.net.ssl.internal.www.protocol");'. When this system property is
set, CXF uses some reflection to try to make the HostnameVerifier work with the
old com.sun.net.ssl.HostnameVerifier interface. However, the default
HostnameVerifier implementation in CXF does not implement the method in this
interface, and an exception is thrown. However, in Apache CXF prior to 3.2.5
and 3.1.16 the exception is caught in the reflection code and not properly
propagated. What this means is that if you are using the com.sun.net.ssl stack
with CXF, an error with TLS hostname verification will not be thrown, leaving a
CXF client subject to man-in-the-middle attacks.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
145516 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
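
The CXF description above is a textbook fail-open bug: an adapter calls the
hostname verifier indirectly, catches the resulting exception, and carries on
as if verification had succeeded. The Python below is an added illustration of
that bug class and its fix; it is not Apache CXF code and does not reproduce
CXF's reflection logic. getattr stands in for Java reflection, StrictVerifier
implements the expected verify() method, and LegacyVerifier models a verifier
that lacks it (the CXF default in the description). The sample certificate,
host names and class names are constructed.

```python
"""Fail-open versus fail-closed hostname verification.

Added illustration of the bug class behind CVE-2018-8039; not Apache CXF code.
If the adapter catches every exception, both a verifier lacking the expected
method (AttributeError) and a verifier that rejects the name (HostnameMismatch)
are silently turned into success, and a client built on the adapter accepts a
certificate issued to any name.
"""


class HostnameMismatch(Exception):
    """Raised when no DNS SAN in the certificate matches the requested host."""


def san_dns_names(cert: dict) -> list:
    """DNS names from a cert dict shaped like ssl.SSLSocket.getpeercert()."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def dns_name_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style comparison: case-insensitive, and a wildcard is honoured
    only as the whole leftmost label, matching exactly one label."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern.startswith("*."):
        head, _, rest = hostname.partition(".")
        return bool(head) and rest == pattern[2:]
    return pattern == hostname


class StrictVerifier:
    """Implements the interface the adapter expects: verify(hostname, cert)."""

    def verify(self, hostname: str, cert: dict) -> None:
        names = san_dns_names(cert)
        if not any(dns_name_matches(n, hostname) for n in names):
            raise HostnameMismatch(f"{hostname!r} matches none of {names}")


class LegacyVerifier:
    """Does NOT implement verify(): the adapter's reflective lookup fails
    before any name comparison happens."""

    def check_host(self, hostname: str, cert: dict) -> None:
        raise HostnameMismatch("never reached through the adapter")


def verify_fail_open(verifier, hostname: str, cert: dict) -> bool:
    """The vulnerable pattern: every exception from the indirect call is
    swallowed, so the caller sees success whatever happened."""
    try:
        getattr(verifier, "verify")(hostname, cert)
    except Exception:        # BUG: AttributeError and HostnameMismatch both vanish
        pass
    return True


def verify_fail_closed(verifier, hostname: str, cert: dict) -> bool:
    """The fixed pattern: a missing method is a configuration error, a mismatch
    is a verification failure; neither is converted into success."""
    method = getattr(verifier, "verify", None)
    if method is None:
        raise TypeError(f"{type(verifier).__name__} has no verify(hostname, cert)")
    method(hostname, cert)   # HostnameMismatch propagates to the caller
    return True


def outcome(adapter, verifier, hostname: str, cert: dict) -> str:
    """What a TLS client built on `adapter` would do with this certificate."""
    try:
        adapter(verifier, hostname, cert)
        return "accepted"
    except HostnameMismatch:
        return "rejected"
    except TypeError:
        return "misconfigured"


# Constructed sample: the certificate an on-path attacker actually holds,
# issued to attacker.example, presented to a client that asked for
# api.example.com.
MITM_CERT = {
    "subject": ((("commonName", "attacker.example"),),),
    "subjectAltName": (("DNS", "attacker.example"), ("DNS", "*.attacker.example")),
}

if __name__ == "__main__":
    for adapter in (verify_fail_open, verify_fail_closed):
        for verifier in (StrictVerifier(), LegacyVerifier()):
            print(f"{adapter.__name__:18} {type(verifier).__name__:15} "
                  f"{outcome(adapter, verifier, 'api.example.com', MITM_CERT)}")
```

Note that the fail-open adapter accepts the attacker's certificate even with
the strict verifier in place: once the exception is swallowed, the quality of
the verifier no longer matters.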

CVEID: CVE-2018-11784
DESCRIPTION: When the default servlet in Apache Tomcat versions 9.0.0.M1 to
9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory
(e.g. redirecting to '/foo/' when the user requested '/foo') a specially
crafted URL could be used to cause the redirect to be generated to any URI of
the attacker's choice.
CVSS Base score: 7.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
150860 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N)

CVEID: CVE-2019-2602
DESCRIPTION: An unspecified vulnerability related to the Java SE Libraries
component could allow an unauthenticated attacker to cause a denial of service
resulting in a high availability impact using unknown attack vectors.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
159698 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2018-0734
DESCRIPTION: The OpenSSL DSA signature algorithm has been shown to be
vulnerable to a timing side channel attack. An attacker could use variations in
the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a
(Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in
OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
152085 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-12626
DESCRIPTION: Apache POI in versions prior to release 3.17 are vulnerable to
Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF,
MSG and macros (POI bugs 61338 and 61294), and 2) Out of Memory Exceptions
while parsing crafted DOC, PPT and XLS (POI bugs 52372 and 61295).
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
138361 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID: CVE-2009-2502
DESCRIPTION: Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1,
Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office
System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word
Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3,
Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office
Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and
SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL
Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer
2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0
allows remote attackers to execute arbitrary code via a crafted TIFF image
file, aka "GDI+ TIFF Buffer Overflow Vulnerability."
CVSS Base score: 9.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
53527 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2009-0090
DESCRIPTION: Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not
properly validate .NET verifiable code, which allows remote attackers to obtain
unintended access to stack memory, and execute arbitrary code, via (1) a
crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or
(3) a crafted .NET Framework application, aka "Microsoft .NET Framework Pointer
Verification Vulnerability."
CVSS Base score: 9.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
48293 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2012-0163
DESCRIPTION: Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4,
and 4.5 does not properly validate function parameters, which allows remote
attackers to execute arbitrary code via (1) a crafted XAML browser application
(aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework
application, aka ".NET Framework Parameter Validation Vulnerability."
CVSS Base score: 9.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
74377 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2009-2503
DESCRIPTION: GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3,
Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office
System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word
Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3,
Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office
Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and
SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL
Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer
2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0
does not properly allocate an unspecified buffer, which allows remote attackers
to execute arbitrary code via a crafted TIFF image file that triggers memory
corruption, aka "GDI+ TIFF Memory Corruption Vulnerability."
CVSS Base score: 9.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
53528 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2009-3126
DESCRIPTION: Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1,
Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office
System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word
Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3,
Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office
Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and
SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL
Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer
2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0
allows remote attackers to execute arbitrary code via a crafted PNG image file,
aka "GDI+ PNG Integer Overflow Vulnerability."
CVSS Base score: 9.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
53530 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2009-2504
DESCRIPTION: Multiple integer overflows in unspecified APIs in GDI+ in
Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP
SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold,
Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2,
Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003
Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer,
Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for
Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web,
Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000
Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1,
Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allow remote
attackers to execute arbitrary code via (1) a crafted XAML browser application
(XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework
application, aka "GDI+ .NET API Vulnerability."
CVSS Base score: 9.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
53529 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2009-2501
DESCRIPTION: Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer
6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft
Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word
Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3,
Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office
Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and
SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL
Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer
2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0
allows remote attackers to execute arbitrary code via a crafted PNG image file,
aka "GDI+ PNG Heap Overflow Vulnerability."
CVSS Base score: 9.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
53526 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2012-0160
DESCRIPTION: Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5
SP1, 3.5.1, and 4 does not properly serialize input data, which allows remote
attackers to execute arbitrary code via (1) a crafted XAML browser application
(aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework
Serialization Vulnerability."
CVSS Base score: 9.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
74375 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-0004
DESCRIPTION: Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5,
3.5.1, 4, and 4.5 does not properly validate the permissions of objects in
memory, which allows remote attackers to execute arbitrary code via (1) a
crafted XAML browser application (XBAP) or (2) a crafted .NET Framework
application, aka "Double Construction Vulnerability."
CVSS Base score: 9.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
80871 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2012-0161
DESCRIPTION: Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5
SP1, 3.5.1, and 4 does not properly handle an unspecified exception during use
of partially trusted assemblies to serialize input data, which allows remote
attackers to execute arbitrary code via (1) a crafted XAML browser application
(aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework
Serialization Vulnerability."
CVSS Base score: 9.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
74376 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2018-1902
DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could
allow a remote attacker to spoof connection information which could be used to
launch further attacks against the system. IBM X-Force ID: 152531.
CVSS Base score: 3.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
152531 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2017-15422
DESCRIPTION: Integer overflow in international date handling in International
Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google
Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to
perform an out of bounds memory read via a crafted HTML page.
CVSS Base score: 6.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
136054 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)

CVEID: CVE-2014-9654
DESCRIPTION: The Regular Expressions package in International Components for
Unicode (ICU) for C/C++ before 2014-12-03, as used in Google Chrome before
40.0.2214.91, calculates certain values without ensuring that they can be
represented in a 24-bit field, which allows remote attackers to cause a denial
of service (memory corruption) or possibly have unspecified other impact via a
crafted string, a related issue to CVE-2014-7923.
CVSS Base score: 5.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
110456 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2014-7926
DESCRIPTION: The Regular Expressions package in International Components for
Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before
40.0.2214.91, allows remote attackers to cause a denial of service (memory
corruption) or possibly have unspecified other impact via vectors related to a
zero-length quantifier.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
100297 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVEID: CVE-2014-7923
DESCRIPTION: The Regular Expressions package in International Components for
Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before
40.0.2214.91, allows remote attackers to cause a denial of service (memory
corruption) or possibly have unspecified other impact via vectors related to a
look-behind expression.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
100294 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVEID: CVE-2011-4599
DESCRIPTION: Stack-based buffer overflow in the _canonicalize function in
common/uloc.c in International Components for Unicode (ICU) before 49.1 allows
remote attackers to execute arbitrary code via a crafted locale ID that is not
properly handled during variant canonicalization.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
71726 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVEID: CVE-2017-14952
DESCRIPTION: Double free in i18n/zonemeta.cpp in International Components for
Unicode (ICU) for C/C++ through 59.1 allows remote attackers to execute
arbitrary code via a crafted string, aka a "redundant UVector entry clean up
function call" issue.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
133526 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2016-7415
DESCRIPTION: Stack-based buffer overflow in the Locale class in common/
locid.cpp in International Components for Unicode (ICU) through 57.1 for C/C++
allows remote attackers to cause a denial of service (application crash) or
possibly have unspecified other impact via a long locale string.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
117035 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

IBM Cognos Business Intelligence 10.2.2

Remediation/Fixes

The recommended solution is to apply the fix for versions listed as soon as
practical.

IBM Cognos Business Intelligence 10.2.2 IF22

Workarounds and Mitigations

None

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----