In this post, we'll be taking a deep dive into the CVE-2023-27545 vulnerability that affects IBM Watson CloudPak for Data Data Stores version 4.6.. We'll walk through how this vulnerability allows web pages to be stored locally and accessed by other users on the system, putting sensitive information at risk. We'll also provide the code snippet in question and discuss the exploit details with references to original sources. So let's get started!

CVE-2023-27545 Vulnerability Description

The CVE-2023-27545 vulnerability revolves around the fact that the IBM Watson CloudPak for Data Data Stores version 4.6. allows web pages to be stored locally, which can then be read by another user on the system. This means that sensitive information could be disclosed without the knowledge of the user who initially stored it.

Code Snippet

The vulnerability exists in the code responsible for handling user-generated web pages and storing them locally within the system. For simplicity, we've provided a simplified code snippet below to help illustrate the issue:

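const fs = require('fs');
const path = require('path');

function handleWebPage(webPage, userData) {
  // Per-user directory under a shared base (localDirectory is defined elsewhere)
  let directoryPath = path.join(localDirectory, userData.username);
  // ...
  // The page is written to local disk, where another user on the system can read it
  fs.writeFileSync(path.join(directoryPath, webPage.filename), webPage.content);
}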

Exploit Details

An attacker could potentially exploit this vulnerability by creating a malicious web page that saves sensitive information locally. This could be done through HTML and JavaScript, and the attacker could access the stored information by simply navigating to the URL of the saved web page. Alternatively, the attacker could look for the local file path once they determine the targeted user's username.

For example, assume an attacker creates the following web page:

<!DOCTYPE html>
<html>
<head>
  <title>Malicious Web Page</title>
  <script>
    function saveData() {
      // Gather sensitive data and send it to the server
      let sensitiveData = '...';
      // ...
      storeLocally(sensitiveData); // This would call the vulnerable code
    }
  </script>
</head>
<body onload="saveData()">
  ...
</body>
</html>

Once the page is loaded, the attacker could look for the sensitive data within the local directory of the targeted user. Provided they know the targeted user's username, they could access the stored data at the path given by path.join(localDirectory, targetedUser.username).
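For defenders, the following added example (not code from IBM or from the original post) shows a hardened counterpart to the simplified handleWebPage snippet, plus an audit that flags stored pages other local users can read. It assumes a POSIX filesystem and that the exposure comes from permissive file modes; storePagePrivately, findExposedEntries, safeName and the sample users are hypothetical names.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');

// Strip directory components and reject names that would still escape ('..', '').
function safeName(name) {
  const base = path.basename(String(name));
  if (!base || base === '.' || base === '..') throw new Error('invalid name');
  return base;
}

// Hardened counterpart of handleWebPage: owner-only directory and file.
function storePagePrivately(baseDir, username, filename, content) {
  const userDir = path.join(baseDir, safeName(username));
  fs.mkdirSync(userDir, { recursive: true, mode: 0o700 });
  fs.chmodSync(userDir, 0o700); // enforce even if the directory already existed
  const target = path.join(userDir, safeName(filename));
  fs.writeFileSync(target, content, { mode: 0o600 });
  fs.chmodSync(target, 0o600); // the mode option is ignored for existing files
  return target;
}

// Audit: list every file or directory under baseDir that group/other can access.
function findExposedEntries(baseDir) {
  const exposed = [];
  for (const entry of fs.readdirSync(baseDir, { withFileTypes: true })) {
    if (entry.isSymbolicLink()) continue; // do not follow links out of the store
    const full = path.join(baseDir, entry.name);
    const mode = fs.lstatSync(full).mode & 0o777;
    if (mode & 0o077) exposed.push({ path: full, mode: mode.toString(8) });
    if (entry.isDirectory()) exposed.push(...findExposedEntries(full));
  }
  return exposed;
}

// Constructed demo: one user stored with permissive modes, one stored privately.
function demo() {
  const base = fs.mkdtempSync(path.join(os.tmpdir(), 'pagestore-'));
  const aliceDir = path.join(base, 'alice');
  fs.mkdirSync(aliceDir);
  fs.chmodSync(aliceDir, 0o755);
  const leaky = path.join(aliceDir, 'report.html');
  fs.writeFileSync(leaky, '<p>constructed sample</p>');
  fs.chmodSync(leaky, 0o644); // typical result of a umask of 022
  const safe = storePagePrivately(base, 'bob', '../report.html', '<p>constructed sample</p>');
  const exposed = findExposedEntries(base).map((e) => e.path).sort();
  fs.rmSync(base, { recursive: true, force: true });
  return { aliceDir, leaky, safe, exposed };
}
```

Running findExposedEntries against the real storage directory before and after applying a vendor fix gives a quick check that no stored page remains readable by group or other.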

Detailed information on the vulnerability from the NVD (National Vulnerability Database):

- https://nvd.nist.gov/vuln/detail/CVE-2023-27545

IBM's official security bulletin describing the vulnerability:

- https://www.ibm.com/blogs/psirt/...

IBM X-Force entry sharing the vulnerability details:

- https://exchange.xforce.ibmcloud.com/vulnerabilities/248947

Conclusion

In conclusion, the CVE-2023-27545 vulnerability poses a potentially significant risk to users of IBM Watson CloudPak for Data Data Stores version 4.6.. By allowing web pages to be stored locally and accessed by other users on the system, sensitive information can be unknowingly disclosed. Users of this software version should apply any available patches and monitor any updates that may mitigate the risks associated with this vulnerability.

Timeline

Published on: 02/29/2024 02:15:08 UTC
Last modified on: 02/29/2024 13:49:29 UTC