IBM Support

Security Bulletin: Multiple security vulnerabilities affect IBM Robotic Process Automation

Security Bulletin


Summary

Python, Apache Spark, Tensorflow and Traefik contain multiple vulnerabilities and are used by IBM Robotic Process Automation as part of Watson NLP (CVE-2022-40898, CVE-2023-22946, CVE-2023-25658, CVE-2023-25659, CVE-2023-25660, CVE-2023-25661, CVE-2023-25662, CVE-2023-25663, CVE-2023-25664, CVE-2023-25665, CVE-2023-25666, CVE-2023-25667, CVE-2023-25668, CVE-2023-25669, CVE-2023-25670, CVE-2023-25671, CVE-2023-25672, CVE-2023-25673, CVE-2023-25674, CVE-2023-25675, CVE-2023-25676, CVE-2023-25801, CVE-2023-27579, CVE-2023-29013).

Vulnerability Details

CVEID:   CVE-2022-40898
DESCRIPTION:   Python Packaging Authority (PyPA) Wheel is vulnerable to a denial of service. A remote attacker could exploit this vulnerability using the WHEEL_INFO_RE regular expression to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/243027 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-22946
DESCRIPTION:   Apache Spark could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw when using spark-submit. By providing specially crafted configuration-related classes on the classpath, an authenticated attacker could exploit this vulnerability to execute arbitrary code with the privileges of the submitting user..
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/252824 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2023-25658
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by an out-of-bounds read in GRUBlockCellGrad. A remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/251019 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-25659
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by an out-of-bounds read when the indices parameter in DynamicStitch does not match the data parameter. A remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/251018 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-25660
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a segmentation fault when the summarize parameter in tf.raw_ops.Print is zero. A remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/251017 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-25661
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by improper input validation by the Convolution3DTranspose function. By sending a specially crafted input, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition on ML cloud services.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/251123 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-25662
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by an integer overflow in EditDistance. A remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/251016 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-25663
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a NULL pointer dereference in the Lookup function when ctx->step_containter() is a NULL pointer. A remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/251015 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-25664
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a heap-based buffer overflow in TAvgPoolGrad. A remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/251014 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-25665
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a NULL pointer dereference when SparseSparseMaximum is given invalid sparse tensors as inputs. A remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/251013 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-25666
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a floating point exception in AudioSpectrogram. A remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/251012 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-25667
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by an integer overflow when 2^31 <= num_frames * height * width * channels < 2^32. A remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/251011 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-25668
DESCRIPTION:   TensorFlow could allow a remote attacker to execute arbitrary code on the system, caused by a heap-based buffer overflow. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/251008 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2023-25669
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a floating point exception in tf.raw_ops.AvgPoolGrad when the stride and window size are not positive. A remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/251007 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-25670
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a NULL pointer dereference in QuantizedMatMulWithBiasAndDequantize when MKL is enabled. A remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/251005 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-25671
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by an out-of-bounds read in ValueMap::Manager::GetValueOrCreatePlaceholder. A remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/251004 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-25672
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a NULL pointer dereference in tf.raw_ops.LookupTableImportV2. By sending a specially-crafted request using the values parameter, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/251002 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-25673
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a floating point exception in TensorListSplit when XLA is enabled. A remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/251001 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-25674
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a NULL pointer dereference in RandomShuffle when XLA is enabled. A remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/251000 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-25675
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a segmentation fault in tf.raw_ops.Bincount when running XLA. By sending a specially-crafted request using the weights parameter, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/250998 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-25676
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a NULL pointer dereference in tf.raw_ops.ParallelConcat when running XLA. By sending a specially-crafted request using the shape parameter, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/250996 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-25801
DESCRIPTION:   TensorFlow could allow a local attacker to execute arbitrary code on the system, caused by a double-free in nn_ops.fractional_avg_pool_v2 and nn_ops.fractional_max_pool_v2. By sending a specially-crafted request using the pooling_ratio parameter, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/250995 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H)

CVEID:   CVE-2023-27579
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a floating point exception when a tflite model with a paramater filter_input_channel of less than 1 is constructed. A remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/251021 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-29013
DESCRIPTION:   Traefik is vulnerable to a denial of service, caused by a flaw in HTTP header parsing. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/252995 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Robotic Process Automation 21.0.0 - 21.0.7.7, 23.0.0 - 23.0.8
IBM Robotic Process Automation for Cloud Pak 21.0.0 - 21.0.7.7, 23.0.0 - 23.0.8

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now.
Product(s) Version(s) number and/or range  Remediation/Fix/Instructions
IBM Robotic Process Automation 21.0.0 - 21.0.7.7 Download 21.0.7.8 or higher and follow these instructions.
IBM Robotic Process Automation for Cloud Pak 21.0.0 - 21.0.7.7 Update to 21.0.7.8 or higher using the following instructions
IBM Robotic Process Automation 23.0.0 - 23.0.8 Download 23.0.9 or higher and follow these instructions.

IBM Robotic Process Automation for Cloud Pak

23.0.0 - 23.0.8 Update to 23.0.9 or higher using the following instructions.

Workarounds and Mitigations

None.

Get Notified about Future Security Bulletins

References

Off

Acknowledgement

Change History

28 Aug 2023: Initial Publication

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. "Affected Products and Versions" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.

Document Location

Worldwide

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSC50T","label":"IBM Robotic Process Automation"},"Component":"","Platform":[{"code":"PF040","label":"RedHat OpenShift"},{"code":"PF033","label":"Windows"}],"Version":"21.0.0 - 21.0.7.7, 23.0.0 - 23.0.8","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
31 August 2023

UID

ibm17026754