Talos is publishing a glimpse into the most prevalent threats we've observed between Feb. 10 and Feb. 17.

Threat Round up for February 10 to February 17

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 238684.

  

**Summary**

IBM Sterling B2B Integrator has addressed the cross-site scripting security vulnerability.

**Vulnerability Details**

**CVEID:**   CVE-2022-43579  
**DESCRIPTION:**   IBM Sterling B2B Integrator Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.  
CVSS Base score: 4.6  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238684 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N)

**Affected Products and Versions**

**Affected Product(s)**

**Version(s)**

IBM Sterling B2B Integrator

6.0.0.0 - 6.0.3.7

IBM Sterling B2B Integrator

6.1.0.0 - 6.1.2.0

  

**Remediation/Fixes**

**Product  
**

**Version**

**APAR**

**Remediation & Fix**

IBM Sterling B2B Integrator

6.0.0.0 - 6.0.3.7

IT42394

Apply 6.0.3.8

IBM Sterling B2B Integrator

6.1.0.0 - 6.1.2.0

IT42394

Apply 6.1.2.1

The IIM versions of 6.0.3.8 and 6.1.2.1 are available on Fix Central. 

The container version of 6.1.2.1 is available in IBM Entitled Registry with following tags.  

*   cp.icr.io/cp/ibm-b2bi/b2bi:6.1.2.1 for IBM Sterling B2B Integrator
*   cp.icr.io/cp/ibm-sfg/sfg:6.1.2.1 for IBM Sterling File Gateway

**Workarounds and Mitigations**

None

**References**

Off

**Change History**

10 Feb 2023: Initial Publication

\*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

**Disclaimer**

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. "Affected Products and Versions" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.

**Document Location**

Worldwide

\[{"Business Unit":{"code":"BU059","label":"IBM Software w\\/o TPS"},"Product":{"code":"SS3JSW","label":"IBM Sterling B2B Integrator"},"Component":"","Platform":\[{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"},{"code":"PF002","label":"AIX"}\],"Version":"6.0.0.0 - 6.1.2.1","Edition":"","Line of Business":{"code":"LOB59","label":"Sustainability Software"}}\]

CVE-2022-43579: Security Bulletin: IBM Sterling B2B Integrator is vulnerable to cross-site scripting (CVE-2022-43579)

A cross-site scripting (XSS) vulnerability in UJCMS v4.1.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter under the Add New Articles function.

Hello, I found that when ujcms V4.1.3 of your company added articles in the background, the redirection link was selected, and the url was not verified when the new window was opened without checking the check box. javascript pseudo-protocol is used to carry out cross-site attack. When the viewer clicks on the article, the cross-site attack is triggered. The user's browser control permissions and sensitive information can be obtained in this way.

Specific steps: When adding new articles, turn to the url and input javascript:alert(1). Click Save. When clicking the new articles in the foreground, js events can be triggered.  
  

Suggestion: If you want to add a forward link, verify the location of the forward url in the system, for example, limit it to HTTP or HTTPS.

CVE-2023-24369: XSS attacks may occur on the UJCMS · Issue #3 · ujcms/ujcms

IBM Aspera Faspex 4.4.1 could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The obsolete API call was removed in Faspex 4.4.2 PL2. IBM X-Force ID: 243512.

**Security Bulletin**

  

**Summary**

This Security Bulletin addresses security vulnerabilities that have been remediated in IBM Aspera Faspex 4.4.2 PL2.

**Vulnerability Details**

**CVEID:**   CVE-2022-28330  
**DESCRIPTION:**   Apache HTTP Server could allow a remote attacker to obtain sensitive information. An attacker could exploit this vulnerability to read beyond bounds when configured to process requests with the mod\_isapi module.  
CVSS Base score: 5.3  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/228341 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

**CVEID:**   CVE-2023-22868  
**DESCRIPTION:**   IBM Aspera Faspex is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.  
CVSS Base score: 5.4  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/244117 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)

**CVEID:**   CVE-2022-30556  
**DESCRIPTION:**   Apache HTTP Server could allow a remote attacker to obtain sensitive information, caused by an error in mod\_lua with websockets. An attacker could exploit this vulnerability to return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer.  
CVSS Base score: 5.3  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/228336 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

**CVEID:**   CVE-2022-31813  
**DESCRIPTION:**   Apache HTTP Server could allow a remote attacker to bypass security restrictions, caused by the failure to send the X-Forwarded-\* headers to the origin server based on client side Connection header hop-by-hop mechanism. An attacker could exploit this vulnerability to bypass IP based authentication on the origin server/application.  
CVSS Base score: 5.3  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/228337 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

**CVEID:**   CVE-2022-30522  
**DESCRIPTION:**   Apache HTTP Server is vulnerable to a denial of service when configured to do transformations with mod\_sed in contexts where the input to mod\_sed may be very large. By making excessively large memory allocations, a remote attacker could exploit this vulnerability to trigger an abort.  
CVSS Base score: 5.3  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/228338 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

**CVEID:**   CVE-2022-47986  
**DESCRIPTION:**   IBM Aspera Faspex could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The obsolete API call was removed in Faspex 4.4.2 PL2.  
CVSS Base score: 8.1  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/243512 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

**CVEID:**   CVE-2022-28615  
**DESCRIPTION:**   Apache HTTP Server could allow a remote attacker to obtain sensitive information, caused by a read beyond bounds in ap\_strcmp\_match() when provided with an extremely large input buffer. An attacker could exploit this vulnerability to crash or disclose information.  
CVSS Base score: 6.5  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/228340 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)

**CVEID:**   CVE-2022-26377  
**DESCRIPTION:**   Apache HTTP Server is vulnerable to HTTP request smuggling, caused by an inconsistent Interpretation of HTTP Requests vulnerability in mod\_proxy\_ajp. An attacker could exploit this vulnerability to smuggle requests to the AJP server it forwards requests to.  
CVSS Base score: 7.3  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/228343 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

**CVEID:**   CVE-2018-25032  
**DESCRIPTION:**   Zlib is vulnerable to a denial of service, caused by a memory corruption in the deflate operation. By using many distant matches, a remote attacker could exploit this vulnerability to cause the application to crash.  
CVSS Base score: 7.5  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/222615 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**   CVE-2022-2068  
**DESCRIPTION:**   OpenSSL could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input by the c\_rehash script. By sending a specially-crafted request using shell metacharacters, an attacker could exploit this vulnerability to execute arbitrary commands with the privileges of the script on the system.  
CVSS Base score: 7.3  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/226018 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

**Affected Products and Versions**

IBM Aspera Faspex 4.4.1 and earlier

**Remediation/Fixes**

It is recommended to apply the fix as soon as possible, see link below.

**Product(s)**

**Fixing VRM**

**Platform**

**Link to Fix**

IBM Aspera Faspex

4.4.2 PL2

Windows

click here

IBM Aspera Faspex

4.4.2 PL2

Linux

click here

**Workarounds and Mitigations**

None

**References**

Off

**Acknowledgement**

CVE-2023-22868 and CVE-2022-47986 were reported to IBM by Max Garrett - Assetnote

**Change History**

26 Jan 2023: Initial Publication

\*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

**Disclaimer**

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. "Affected Products and Versions" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.

**Document Location**

Worldwide

\[{"Business Unit":{"code":"BU059","label":"IBM Software w\\/o TPS"},"Product":{"code":"SSGPEF","label":"IBM Aspera Faspex"},"Component":"","Platform":\[{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"}\],"Version":"4.4.2","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}\]

CVE-2022-47986: IBM Aspera Faspex 4.4.2 PL2 has addressed multiple vulnerabilities (CVE-2022-28330, CVE-2023-22868, CVE-2022-30556, CVE-2022-31813, CVE-2022-30522, CVE-2022-47986, CVE-2022-28615, CVE-2022-26377, CVE-

Debian Linux Security Advisory 5352-1 - An anonymous researcher discovered that processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5352-1                   security@debian.org  
https://www.debian.org/security/                           Alberto Garcia  
February 17, 2023                     https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : wpewebkit  
CVE ID         : CVE-2023-23529

The following vulnerabilities have been discovered in the WPE WebKit  
web engine:

CVE-2023-23529

    An anonymous researcher discovered that processing maliciously  
    crafted web content may lead to arbitrary code execution. Apple is  
    aware of a report that this issue may have been actively  
    exploited.

For the stable distribution (bullseye), this problem has been fixed in  
version 2.38.5-1~deb11u1.

We recommend that you upgrade your wpewebkit packages.

For the detailed security status of wpewebkit please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/wpewebkit

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEYrwugQBKzlHMYFizAAyEYu0C2AIFAmPut/YACgkQAAyEYu0C  
2ALzdQ/+JiHZbOIr708QorZwSUjVxCQdpCQ7GaSBlmyRoI+vJ2IJ091mIXQi441J  
lG7rd1vDVw/2YHmjgSZG9wyezMP5SNeYczfrFmZ3pmueR5Ki/qHi/oOVFCYkp5GR  
ErbyU0v6uO2Z6VvP30A43/jmWpNa261Jnj3kXJ818b/5ZZpB1JuDana86yY7k7h/  
vXB9XmsAcn1CqEBT+0tHlBQJOl3Fy+OppLZKwh2AQulthTZILSO+F43hhfycvshc  
ecQ9BWG5fKjlYA078RpKRXh4slmh4QrdShVRUeh7DudjpX+AJLUMzStrlQgF8lqK  
OnZ3H43Ap8OF5Y+IgvorqcHhWHUB/sPn+rNpVOiXx2GWQ0P2RPC+ofRYMdRahorr  
CQdoOGh3dEXBlh3qkeUJc6ont4ZQbzTdmJ8ek2otEkmafLpGQCBjdk+W084nSXBA  
wvI6ShSP/a3tT5tsEOdRaM90K89EwkHtO7DlisgtJbgQK5psT+0/m+LtKI20Nvn2  
y3OdNfEEW+fKIdH23B3s53ihWb6mnJUKEu3KbRyX7CRM5UqUOLVqP7J8Y8Qm57hs  
LRNLcPzYirxRTJvEjj23bqLZXVt1Uw/SgM36Gn1YShcAfvcxIGguIy05WUbkbD7V  
pUW+Xv9zjchSAaInZOJyrPFdH9a3GWRZFkn7WBd9xa9hYj6bcRE=  
=zqsP  
-----END PGP SIGNATURE-----

Debian Security Advisory 5352-1

Red Hat Security Advisory 2023-0804-01 - An update is now available for Red Hat OpenShift GitOps 1.5. Red Hat Product Security has rated this update as having a security impact of Important.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat OpenShift GitOps security update  
Advisory ID:       RHSA-2023:0804-01  
Product:           Red Hat OpenShift GitOps  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0804  
Issue date:        2023-02-17  
CVE Names:         CVE-2021-4238 CVE-2022-3064 CVE-2022-23521   
                   CVE-2022-40303 CVE-2022-40304 CVE-2022-41903   
                   CVE-2022-47629 CVE-2023-23947   
=====================================================================

1. Summary:

An update is now available for Red Hat OpenShift GitOps 1.5.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Description:

Security Fix(es):

* goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as  
random as they should be (CVE-2021-4238)

* go-yaml: Improve heuristics preventing CPU/memory abuse by parsing  
malicious or large YAML documents (CVE-2022-3064)

* ArgoCD: Users with any cluster secret update access may update  
out-of-bounds cluster secrets (CVE-2023-23947)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2156729 - CVE-2021-4238 goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be  
2163037 - CVE-2022-3064 go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents  
2167819 - CVE-2023-23947 ArgoCD: Users with any cluster secret update access may update out-of-bounds cluster secrets

5. References:

https://access.redhat.com/security/cve/CVE-2021-4238  
https://access.redhat.com/security/cve/CVE-2022-3064  
https://access.redhat.com/security/cve/CVE-2022-23521  
https://access.redhat.com/security/cve/CVE-2022-40303  
https://access.redhat.com/security/cve/CVE-2022-40304  
https://access.redhat.com/security/cve/CVE-2022-41903  
https://access.redhat.com/security/cve/CVE-2022-47629  
https://access.redhat.com/security/cve/CVE-2023-23947  
https://access.redhat.com/security/updates/classification/#important

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY+8eo9zjgjWX9erEAQiOPg/+OeivacdZq0CEDwRXRWJKJPfz3IyrcHFH  
JEcqXIU1Oxp3BBgPZ7ZhledPaNHB2W+LPiZPe9Qm4S8N0lFdcFs7Cq00Aptrz7cn  
YXyfYVKarruo5blzb771wdhFQP7PoryVvkbqUK6Kv1uPGHjBk0pv/Gbq6ClsXtdz  
E7BnH6zL37WObwLVy8d9Ex8PWXlzF4UaHE0sJtnf1wvsBDSISPc/YNv63KIabOE7  
CV0KppbJ7ViOR8bEFB333vyc9HBLfIQ2of7SdcbeB8sLS55sC0V2JxiRvjcgTSHZ  
OTW1rS6eKq+1GnViCSYI2diqEEYgJaIjuKAW8l6AAGIPCfRHQ92yqqWCSzrBWczL  
XXVYQRzjcDwnpjfG1ubF6mf6uf4cbyDiRkT1/uGFerjQb82WfXH5Vv47Yjryw2iX  
u/G0gnP63xIBKH6r/uQUuX/S0RK6zzLj6+Dcgqs6/Qn+YITaeNcJQt+7rVRexz0P  
fk01LzB/i6HAaoWdpnoG/LBvUsfcIpvmVDAl12wFuU6yuNV/E5E+fvHvEQqIIt3c  
MGQKn2e+epGZ3+3qv6Ma4GnKjqJCEvdWSiolE2QV7VsKi+sp6223G2wmjRqUKMGC  
xDQ2D5BjXkHmKMUUCY9pCKlY486fDKJDkTvVu2oK1kOBOq8jYELfI5OBu8jh1Tgu  
SkBkF1ACbh0=  
=5vpQ  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0804-01

Red Hat Security Advisory 2023-0577-01 - This release of Red Hat build of Eclipse Vert.x 4.3.7 GA includes security updates. For more information, see the release notes listed in the References section. Issues addressed include a denial of service vulnerability.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256=====================================================================                   Red Hat Security AdvisorySynopsis:          Moderate: Red Hat build of Eclipse Vert.x 4.3.7 security updateAdvisory ID:       RHSA-2023:0577-01Product:           Red Hat OpenShift Application RuntimesAdvisory URL:      https://access.redhat.com/errata/RHSA-2023:0577Issue date:        2023-02-16CVE Names:         CVE-2022-41854 CVE-2022-41881 =====================================================================1. Summary:An update is now available for Red Hat build of Eclipse Vert.x.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability. Formore information, see the CVE pages listed in the References section.2. Description:This release of Red Hat build of Eclipse Vert.x 4.3.7 GA includes securityupdates. For more information, see the release notes listed in theReferences section.Security Fix(es):* codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS(CVE-2022-41881)* dev-java-snakeyaml: dev-java/snakeyaml: DoS via stack overflow(CVE-2022-41854)For more details about the security issue(s), including the impact, a CVSSscore, acknowledgements, and other related information, refer to the CVEpage(s) listed in the References section.3. Solution:Before applying the update, back up your existing installation, includingall applications, configuration files, databases and database settings, andso on.The References section of this erratum contains a download link for theupdate. You must be logged in to download the update.4. Bugs fixed (https://bugzilla.redhat.com/):2151988 - CVE-2022-41854 dev-java/snakeyaml: DoS via stack overflow2153379 - CVE-2022-41881 codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS5. References:https://access.redhat.com/security/cve/CVE-2022-41854https://access.redhat.com/security/cve/CVE-2022-41881https://access.redhat.com/security/updates/classification/#moderatehttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=catRhoar.eclipse.vertx&version=4.3.7https://access.redhat.com/documentation/en-us/red_hat_build_of_eclipse_vert.x/4.3/html/release_notes_for_eclipse_vert.x_4.3/index6. Contact:The Red Hat security contact is <secalert@redhat.com>. More contactdetails at https://access.redhat.com/security/team/contact/Copyright 2023 Red Hat, Inc.-----BEGIN PGP SIGNATURE-----Version: GnuPG v1iQIVAwUBY+514NzjgjWX9erEAQiXsA//R2iUqv8p0cLhsqlXZhX8fnWgGyHT5YI/ECvfslAn+5JB/HaeZNYQpovrHadLuWU1ZWjWunbd7ioaknY/SnQXww+L+FFFVfFOa57J1okP7N8/aDzXCJmQ64lDr65j5kUwv8UPyryOe0GZH0SU9WErRAULf+Q/48wAQVl6C2rEBlhy195kH1waCuCls0BD7x3IcrmrpbCFfiIQtDcpW7SRlk691vVamzRlCHj/aWr2WWpBEG10ic6NOUjSlosfZqvMJ4deIaU+xPc+ovAwiVzoxoT7YB7wE4+N61pwpABTP2sxI2wDHtbS5C0LkEDWtvTvaVEd8CT9SYNhOI4EcN5waHzXFzRxZ4LOu92q7niL/Ao5jjHqHMbFdWfClXandpBiV54EtQuht1IHwYm/jHLDFQKoIbuO0CAjY4q6gLG/+N63gEBy5Wlpikuqy5vWW+ftCD4r32cix/dOP342NBRwhT+dZ5e3+iWXUDziXhv8a8Z4PxJOPeD7liSER8yhBU/6mxrljBBUVg7/hQCbq+2OQ33vvIaalma18MI9Oej13h/iNxYC2244Sp3EupImmwUjXOiUHyElz5QjhXe/u7qB9QQ/sDky8BL2B/3F8EnPKOUjQt+/xqCPdHXINJsLYBAGXHx/Iz6jVxg3ERFHyPW5EXR6yboIp0vAfebL5QRld3U==iFMn-----END PGP SIGNATURE-------RHSA-announce mailing listRHSA-announce@redhat.comhttps://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0577-01

SQL Injection vulnerability in Projectworlds Online Doctor Appointment Booking System, allows attackers to gain sensitive information via the q parameter to the getuser.php endpoint.

****Subscribe YouTube** For Latest Update **Click Here********100 + PHP Projects with Source Code** **

The Online Doctor Appointment Booking System PHP and Mysql is a simple project developed using PHP, JavaScript, and CSS. The project contains an admin and user sides. The admin side manages all the management like managing schedules, patient records and manage the appointment time, manage treatment facilities, and so on. The admin has an important role in the management of this Online Doctor Appointment Booking System PHP and Mysql.

This Project Like Doctor manage Personal Clinic Appointment ....small project

**Brief overview of the technology:**

Front end: HTML, CSS, JavaScript

1.  HTML: HTML is used to create and save web document. E.g. Notepad/Notepad++
2.  CSS : (Cascading Style Sheets) Create attractive Layout
3.  Bootstrap : responsive design mobile freindly site
4.  JavaScript: it is a programming language, commonly use with web browsers.

Back end: PHP, MySQL

1.  PHP: Hypertext Preprocessor (PHP) is a technology that allows software developers to create dynamically generated web pages, in HTML, XML, or other document types, as per client request. PHP is open source software.
2.  MySQL: MySql is a database, widely used for accessing querying, updating, and managing data in databases.

**Software Requirement(any one)**

*   WAMP Server
*   XAMPP Server
*   MAMP Server
*   LAMP Server

**Installation Steps**

1\. Download zip file and Unzip file on your local server.  
2\. Put this file inside "c:/xamp/htdocs/" .  
3\. Database Configuration  
Open phpmyadmin  
Create Database named db\_healthcare.  
Import database db\_healthcare.sql from downloaded folder(inside database)  
4\. Open Your browser put inside "http://localhost/PHP-Doctor-Appointment-System/"

**Admin Login Details**  
Login Id: 123  
Password: 123

****Download link****

CVE-2020-29168: Online Doctor Appointment Booking System PHP and Mysql | Projectworlds

LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/RoleMapper.xml.

src/main/resources/mybatis/system/RoleMapper.xml

There is a ${} in this mapper

<if test\="deptId != null and deptId != 0"\>
			AND (u.dept\_id = #{deptId} OR u.dept\_id IN ( SELECT t.dept\_id FROM sys\_dept t WHERE FIND\_IN\_SET (#{deptId},ancestors) ))
		</if\>
		
		${params.dataScope}
	</select\>
	

Search selectUserList to see where the this select id is used：

Query user information：  
src/main/java/com/luckyframe/project/system/role/controller/RoleController.java

Follow up the selectUserList method to see the specific implementation：

src/main/java/com/luckyframe/project/system/role/service/RoleServiceImpl.java

The parameters in the User are passed into the mapper for SQL operation. Because the datascope is controllable, the vulnerability is generated

Verification:

Splice URL and parameters according to code:

Use error injection to query the database version：

params\[dataScope\]=and+extractvalue(1,concat(0x7e,substring((select+version()),1,32),0x7e))

Select database name:

CVE-2023-24220: sql inject 1  · Issue #22 · seagull1985/LuckyFrameWeb

LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/DeptMapper.xml.

src/main/resources/mybatis/system/DeptMapper.xml

There is a ${} in this mapper  
  
Search selectDeptList to see where the this select id is used:  
  
/DeptController.java

Query dept information：  
  
Follow up the selectDeptList method to see the specific implementation：

/DeptServiceImpl.java

  
The parameters in the Dept are passed into the mapper for SQL operation. Because the datascope is controllable, the vulnerability is generated  

Verification:

Splice URL and parameters according to code:

Use error injection to query the database version：

params\[dataScope\]=and+extractvalue(1,concat(0x7e,substring((select+version()),1,32),0x7e))

  
Select database name:

Tag

#java