Operating System:

[LINUX]

Published:

01 December 2021


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.4058
  Security Bulletin: IBM QRadar SIEM Application Framework Base Image is
         vulnerable to using components with Known Vulnerabilities
                              1 December 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM QRadar SIEM
Publisher:         IBM
Operating System:  Linux variants
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Root Compromise                 -- Existing Account      
                   Overwrite Arbitrary Files       -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-33503 CVE-2021-23336 CVE-2021-23240
                   CVE-2021-23239 CVE-2021-20305 CVE-2021-20271
                   CVE-2021-3541 CVE-2021-3520 CVE-2021-3516
                   CVE-2021-3450 CVE-2021-3449 CVE-2021-3326
                   CVE-2020-29363 CVE-2020-29362 CVE-2020-29361
                   CVE-2020-28196 CVE-2020-27619 CVE-2020-27618
                   CVE-2020-26116 CVE-2020-24977 CVE-2020-24659
                   CVE-2020-15358 CVE-2020-14422 CVE-2020-14352
                   CVE-2020-13777 CVE-2020-13776 CVE-2020-13584
                   CVE-2020-13543 CVE-2020-13434 CVE-2020-11080
                   CVE-2020-9983 CVE-2020-9951 CVE-2020-9948
                   CVE-2020-8927 CVE-2020-8492 CVE-2020-8286
                   CVE-2020-8285 CVE-2020-8284 CVE-2020-8231
                   CVE-2020-8177 CVE-2020-7595 CVE-2020-1730
                   CVE-2019-25013 CVE-2019-20916 CVE-2019-20907
                   CVE-2019-20454 CVE-2019-20388 CVE-2019-20387
                   CVE-2019-19956 CVE-2019-19906 CVE-2019-19221
                   CVE-2019-18276 CVE-2019-16935 CVE-2019-15903
                   CVE-2019-14889 CVE-2019-14866 CVE-2019-13627
                   CVE-2019-13050 CVE-2019-13012 CVE-2019-12450
                   CVE-2019-9169 CVE-2019-3842 CVE-2019-2708
                   CVE-2018-1000858 CVE-2018-20843 CVE-2017-1000082
                   CVE-2017-14502 CVE-2016-10228 

Reference:         ESB-2021.2711
                   ESB-2021.2677
                   ESB-2021.2657

Original Bulletin: 
   https://www.ibm.com/support/pages/node/6520474

- --------------------------BEGIN INCLUDED TEXT--------------------

IBM QRadar SIEM Application Framework Base Image is vulnerable to using
components with Known Vulnerabilities

Document Information

Document number    : 6520474
Modified date      : 30 November 2021
Product            : IBM QRadar SIEM
Software version   : 7.3, 7.4
Operating system(s): Linux

Summary

The product includes vulnerable components (e.g., framework libraries) that may
be identified and exploited with automated tools.

Vulnerability Details

CVEID: CVE-2021-3541
DESCRIPTION: GNOME libxml2 is vulnerable to a denial of service, caused by an
exponential entity expansion attack which bypasses all existing protection
mechanisms. A remote authenticated attacker could exploit this vulnerability to
consume all available resources.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
204818 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2021-3516
DESCRIPTION: libxml2 could allow a remote attacker to execute arbitrary code on
the system, caused by a use-after-free in xmlEncodeEntitiesInternal() in
entities.c. By persuading a victim to open a specially crafted file, an
attacker could exploit this vulnerability to execute arbitrary code on the
system.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
202838 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2021-3520
DESCRIPTION: lz4 could allow a remote attacker to execute arbitrary code on the
system, caused by an integer overflow. By sending a specially crafted file, an
attacker could invoke memmove() on a negative size argument leading to memory
corruption and trigger an out-of-bounds write or cause the library to crash.
CVSS Base score: 8.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
202592 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H)

CVEID: CVE-2017-14502
DESCRIPTION: libarchive is vulnerable to a buffer overflow, caused by improper
bounds checking by the read_header function in
archive_read_support_format_rar.c. By persuading a victim to open a
specially-crafted RAR file, a remote attacker could overflow a buffer and
execute arbitrary code on the system.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
132123 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2021-20271
DESCRIPTION: RPM could allow a remote attacker to execute arbitrary code on the
system, caused by a flaw in the signature check function. By persuading a
victim to open a specially-crafted package file, an attacker could exploit this
vulnerability to cause RPM database corruption and execute arbitrary code on
the system.
CVSS Base score: 6.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
198961 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2021-33503
DESCRIPTION: urllib3 is vulnerable to a denial of service, caused by a regular
expression denial of service (ReDoS) flaw due to catastrophic backtracking. By
sending a specially-crafted URL request, a remote attacker could exploit this
vulnerability to cause a denial of service condition.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
203109 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-20387
DESCRIPTION: libsolv is vulnerable to a denial of service, caused by a
heap-based buffer over-read in the repodata_schema2id function in repodata.c.
By sending a specially-crafted request, a remote attacker could exploit this
vulnerability to cause the application to crash.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
175508 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2020-29361
DESCRIPTION: p11-glue p11-kit are vulnerable to a denial of service, caused by
multiple integer overflows when allocating memory for arrays of attributes and
object identifiers. By sending a specially-crafted request using realloc or
calloc function, an attacker could exploit this vulnerability to cause a denial
of service or possibly execute arbitrary code on the system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
193532 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2020-29363
DESCRIPTION: p11-glue p11-kit is vulnerable to a denial of service, caused by a
heap-based buffer overflow in the RPC protocol. By sending a serialized byte
array in a CK_ATTRIBUTE, a remote attacker could overflow a buffer and cause a
denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
193534 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2020-15358
DESCRIPTION: SQLite is vulnerable to a denial of service, caused by a
heap-based buffer overflow in the mishandling of query-flattener optimization
in select.c. By sending a specially-crafted query, a local authenticated
attacker could overflow a buffer and cause the application to crash.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
184103 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2020-13776
DESCRIPTION: systemd could allow a local authenticated attacker to gain
elevated privileges on the system, caused by the mishandling of numerical
usernames. By sending a specially-crafted request, an attacker could exploit
this vulnerability to gain elevated privileges as root.
CVSS Base score: 6.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
184600 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2019-18276
DESCRIPTION: GNU Bash could allow a remote authenticated attacker to gain
elevated privileges on the system, caused by a flaw in the disable_priv_mode in
shell.c. By sending a specially-crafted command, an attacker could exploit this
vulnerability to escalate privileges.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
172331 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2020-9951
DESCRIPTION: Apple Safari could allow a remote attacker to execute arbitrary
code on the system, caused by a use-after-free in the WebKit component. By
persuading a victim to visit a specially-crafted Web site, a remote attacker
could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
188409 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2020-13543
DESCRIPTION: Webkit WebKitGTK could allow a remote attacker to execute
arbitrary code on the system, caused by a use-after-free in the WebSocket
functionality. By persuading a victim to visit a specially crafted Web site, an
attacker could exploit this vulnerability to execute arbitrary code or cause
the application to crash.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
192461 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2020-13584
DESCRIPTION: Webkit WebKitGTK could allow a remote attacker to execute
arbitrary code on the system, caused by a use-after-free in the
ImageDecoderGStreamer functionality. By persuading a victim to visit a
specially crafted Web site, an attacker could exploit this vulnerability to
execute arbitrary code or cause the application to crash.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
192463 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2019-14889
DESCRIPTION: libssh could allow a remote authenticated attacker to execute
arbitrary commands on the system, caused by a flaw in ssh_scp_new(). By
sending a specially crafted request, an attacker could exploit this
vulnerability to execute arbitrary commands on the system.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
173891 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2019-20916
DESCRIPTION: The pypa pip package for Python could allow a remote attacker to
traverse directories on the system, caused by a flaw when installing a package
via a specified URL. An attacker could use a specially-crafted
Content-Disposition header with a filename containing "dot dot" sequences
(/../) to overwrite arbitrary files on the system.
CVSS Base score: 8.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
187855 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L)

CVEID: CVE-2021-20305
DESCRIPTION: Nettle could allow a remote attacker to bypass security
restrictions, caused by a flaw in which several signature verification
functions invoke the Elliptic Curve Cryptography (ECC) point multiply function
with out-of-range scalars. An attacker could exploit this vulnerability to
force an invalid signature, causing an assertion failure or possibly having the
invalid signature validate.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
199653 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2020-14352
DESCRIPTION: Librepo could allow a remote authenticated attacker to traverse
directories on the system, caused by the failure to sanitize paths in remote
repository metadata. An attacker could send a specially-crafted URL request
containing directory traversal sequences to copy files outside of the
destination directory and compromise the system.
CVSS Base score: 8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
187676 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2020-24977
DESCRIPTION: GNOME libxml2 is vulnerable to a buffer overflow, caused by
improper bounds checking by the xmlEncodeEntitiesInternal function in libxml2/
entities.c. By persuading a victim to open a specially-crafted file, a remote
attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
187847 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2020-8285
DESCRIPTION: cURL libcurl is vulnerable to a denial of service, caused by a
stack-based buffer overflow in the wildcard matching function. By sending a
specially-crafted request, a remote attacker could exploit this vulnerability
to cause the application to crash.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
192855 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2020-8286
DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security
restrictions, caused by improper OCSP response verification. By sending a
specially-crafted request, an attacker could exploit this vulnerability to
breach a TLS server.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
192856 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

CVEID: CVE-2019-25013
DESCRIPTION: GNU glibc is vulnerable to a denial of service, caused by a buffer
over-read in iconv feature. By sending a specially-crafted request, a remote
attacker could exploit this vulnerability to cause a SIGSEGV.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
194579 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2021-3326
DESCRIPTION: GNU C Library (aka glibc or libc6) is vulnerable to a denial of
service, caused by an assertion failure when processing invalid input sequences
in the ISO-2022-JP-3 encoding in the iconv function. By sending
specially-crafted input, a remote attacker could exploit this vulnerability to
cause the application to crash.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
195732 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2020-28196
DESCRIPTION: MIT Kerberos 5 (aka krb5) is vulnerable to a denial of service,
caused by an unbounded recursion flaw in lib/krb5/asn.1/asn1_encode.c. By
sending a specially-crafted ASN.1-encoded Kerberos message, a remote attacker
could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
191321 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2020-7595
DESCRIPTION: GNOME libxml2 is vulnerable to a denial of service, caused by an
error in xmlStringLenDecodeEntities in parser.c. An attacker could exploit this
vulnerability to cause the application to enter into an infinite loop.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
175333 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2021-3449
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL
pointer dereference in signature_algorithms processing. By sending a specially
crafted renegotiation ClientHello message from a client, a remote attacker
could exploit this vulnerability to cause the TLS server to crash.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
198752 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2020-14422
DESCRIPTION: Python is vulnerable to a denial of service, caused by improper
computation of hash values in the IPv4Interface and IPv6Interface classes in
Lib/ipaddress.py. By sending a specially-crafted request, a remote attacker
could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
184320 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2020-13434
DESCRIPTION: SQLite is vulnerable to a denial of service, caused by an integer
overflow in the sqlite3_str_vappendf function. By sending a specially-crafted
request, a remote attacker could overflow a buffer and cause a denial of
service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
182405 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2020-13777
DESCRIPTION: GnuTLS could allow a remote attacker to obtain sensitive
information, caused by the use of incorrect cryptography for encrypting a
session ticket. By using man-in-the-middle attack techniques, an attacker could
exploit this vulnerability to obtain previous conversations in TLS and bypass
the authentication process.
CVSS Base score: 7.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
183032 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)

CVEID: CVE-2021-3450
DESCRIPTION: OpenSSL could allow a remote attacker to bypass security
restrictions, caused by a missing check in the validation logic of X.509
certificate chains when the X509_V_FLAG_X509_STRICT flag is set. By using any
valid certificate or certificate chain to sign a specially crafted
certificate, an attacker could bypass the check that non-CA certificates must
not be able to issue other certificates and override the default purpose.
CVSS Base score: 7.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
198754 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H)

CVEID: CVE-2019-9169
DESCRIPTION: GNU glibc is vulnerable to a heap-based buffer overflow, caused by
a buffer over-read flaw in the proceed_next_node function in posix/regexec.c.
By sending a specially-crafted argument using a case-insensitive
regular-expression match, a remote attacker could overflow a buffer and execute
arbitrary code on the system.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
157800 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2019-14866
DESCRIPTION: GNU cpio could allow a local authenticated attacker to gain
elevated privileges on the system, caused by the failure to properly validate
input files when generating TAR archives. An attacker could exploit this
vulnerability to inject any tar content and compromise the system.
CVSS Base score: 6.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
171509 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2020-8284
DESCRIPTION: cURL libcurl could allow a remote attacker to obtain sensitive
information, caused by improper validation of FTP PASV responses. By persuading
a victim to connect to a specially-crafted server, an attacker could exploit
this vulnerability to obtain sensitive information about services, and use
this information to launch further attacks against the affected system.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
192854 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

CVEID: CVE-2020-26116
DESCRIPTION: Python is vulnerable to CRLF injection, caused by improper
validation of user-supplied input in http.client. By inserting CR and LF
control characters in the first argument of HTTPConnection.request, a remote
attacker could exploit this vulnerability to conduct various attacks against
the vulnerable system, including cross-site scripting, cache poisoning or
session hijacking.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
189404 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID: CVE-2020-9948
DESCRIPTION: Apple Safari could allow a remote attacker to execute arbitrary
code on the system, caused by a type confusion in the WebKit component. By
persuading a victim to visit a specially-crafted Web site, a remote attacker
could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 6.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
188410 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)

CVEID: CVE-2020-9983
DESCRIPTION: Apple Safari could allow a remote attacker to execute arbitrary
code on the system, caused by an out-of-bounds write in the WebKit component.
By persuading a victim to visit a specially-crafted Web site, a remote attacker
could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 6.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
188412 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)

CVEID: CVE-2019-16935
DESCRIPTION: Python is vulnerable to cross-site scripting, caused by improper
validation of user-supplied input by the python/Lib/DocXMLRPCServer.py. A
remote attacker could exploit this vulnerability using the server_title field
to inject malicious script into a Web page which would be executed in a
victim's Web browser within the security context of the hosting Web site, once
the URL is clicked. An attacker could use this vulnerability to steal the
victim's cookie-based authentication credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
168612 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2020-24659
DESCRIPTION: GnuTLS is vulnerable to a denial of service, caused by a NULL
pointer dereference. By sending specially-crafted messages, a remote attacker
could exploit this vulnerability to cause the application to crash.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
187828 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-13627
DESCRIPTION: The libgcrypt20 cryptographic library could allow a remote
attacker to obtain sensitive information, caused by an ECDSA timing attack. An
attacker could exploit this vulnerability to obtain private key information,
and use this information to launch further attacks against the affected system.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
167675 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2021-23336
DESCRIPTION: Python CPython could allow a remote attacker to bypass security
restrictions, caused by a web cache poisoning flaw via urllib.parse.parse_qsl
and urllib.parse.parse_qs. By sending a specially-crafted request (parameter
cloaking), an attacker could exploit this vulnerability to cause a difference
in the interpretation of the request between the proxy and the server.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
196808 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H)

CVEID: CVE-2020-27618
DESCRIPTION: GNU C Library (aka glibc or libc6) is vulnerable to a denial of
service, caused by an error when processing some invalid inputs from several
IBM character sets in the iconv function. By sending invalid multi-byte input
sequences in IBM1364, IBM1371, IBM1388, IBM1390, IBM1399 encodings, a local
authenticated attacker could exploit this vulnerability to cause the
application to enter into an infinite loop.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
196446 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-20907
DESCRIPTION: Python is vulnerable to a denial of service, caused by a flaw in
the tarfile module in Lib/tarfile.py. By persuading a victim to open a
specially-crafted TAR archive, a remote attacker could exploit this
vulnerability to cause the application to enter into an infinite loop.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
185442 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID: CVE-2020-8927
DESCRIPTION: Brotli is vulnerable to buffer overflow. By controlling the input
length of a "one-shot" decompression request to a script, a remote attacker
could overflow a buffer and execute arbitrary code on the system or cause the
application to crash.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
188304 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2020-8177
DESCRIPTION: cURL could allow a remote attacker to overwrite arbitrary files on
the system, caused by the improper handling of certain parameters when using -J
(--remote-header-name) and -I (--include) in the same command line. An attacker
could exploit this vulnerability to overwrite a local file.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
183931 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2020-8231
DESCRIPTION: cURL libcurl could allow a remote attacker to obtain sensitive
information, caused by the improper handling of the CURLOPT_CONNECT_ONLY
option. The raw data is sent over that connection to the wrong destination. An
attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
186954 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2019-19906
DESCRIPTION: cyrus-sasl is vulnerable to a denial of service, caused by an
off-by-one error in _sasl_add_string in common.c. By sending a malformed LDAP
packet, a remote attacker could exploit this vulnerability to cause the
application to crash.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
173382 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-15903
DESCRIPTION: libexpat is vulnerable to a denial of service, caused by a
heap-based buffer over-read in XML_GetCurrentLineNumber. By using a
specially-crafted XML input, a remote attacker could exploit this vulnerability
to cause the application to crash.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
166560 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2016-10228
DESCRIPTION: GNU C Library (glibc) is vulnerable to a denial of service, caused
by an error in the iconv program. By processing invalid multi-byte input
sequences, a remote attacker could exploit this vulnerability to cause the
application to enter into an infinite loop.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
124078 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-13050
DESCRIPTION: GNU Privacy Guard (GnuPG) is vulnerable to a denial of service,
caused by a certificate spamming attack when referring to a host on the SKS
keyserver network in the keyserver configuration. By sending a
specially-crafted request, a remote attacker could exploit this vulnerability
to cause a denial of service condition.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
166417 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2020-1730
DESCRIPTION: libssh is vulnerable to a denial of service, caused by the use of
uninitialized AES-CTR ciphers. A remote attacker could exploit this
vulnerability to crash the implemented counterpart.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
179361 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2020-29362
DESCRIPTION: p11-glue p11-kit could allow a remote attacker to obtain sensitive
information, caused by a heap-based buffer over-read flaw in the RPC protocol.
By sending a specially-crafted request, an attacker could exploit this
vulnerability to obtain up to 4 bytes of memory past the heap allocation, and
use this information to launch further attacks against the affected system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
193533 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2019-20454
DESCRIPTION: PCRE is vulnerable to a denial of service, caused by an
out-of-bounds read in the do_extuni_no_utf function in pcre2_jit_compile.c. By
sending a specially-crafted request, a remote attacker could exploit this
vulnerability to cause the application to crash.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
176437 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2020-8492
DESCRIPTION: Python is vulnerable to a denial of service, caused by a flaw in
the urllib.request.AbstractBasicAuthHandler. By sending a specially crafted
request, a remote attacker could exploit this vulnerability to cause a Regular
Expression Denial of Service (ReDoS).
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
175462 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2020-27619
DESCRIPTION: The CJK codec tests in multibytecodec_support.py in Python call
eval() on content retrieved through HTTP. The impact and attack vector of this
flaw are unknown.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
190408 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2021-23240
DESCRIPTION: sudo could allow a local authenticated attacker to launch a
symlink attack. The selinux_edit_copy_tfiles() and selinux_edit_create_tfiles()
functions create temporary files insecurely. An attacker could exploit this
vulnerability by creating a symbolic link from a temporary file to various
files on the system, which could allow the attacker to overwrite arbitrary
files on the system with elevated privileges.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
194530 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
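
The insecure temporary-file pattern behind CVE-2021-23240, shown as an added
example that is not sudo's code: a privileged process opens a predictable temp
name with O_CREAT but without O_EXCL or O_NOFOLLOW, so an attacker-planted
symlink at that name redirects the write to a file of the attacker's choosing;
the hardened open with O_CREAT|O_EXCL|O_NOFOLLOW refuses instead. The scratch
directory, file names and contents are constructed for the demonstration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Vulnerable pattern (illustrative, not sudo's actual code): a predictable
   temp path opened with O_CREAT but no O_EXCL/O_NOFOLLOW. If the path already
   exists as a symlink, open() silently follows it. */
int unsafe_create_tmp(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened form: fail if the name exists at all (O_EXCL) and never follow a
   symlink (O_NOFOLLOW). mkstemp() gives the same guarantees with a random name. */
int safe_create_tmp(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Runs the attack in a private scratch directory (constructed data).
   Returns 1 when the unsafe open wrote through the attacker's symlink AND the
   safe open refused; 0 otherwise; -1 if no scratch directory could be made. */
int demo_symlink_attack(void)
{
    char dir[64];
    strcpy(dir, "/tmp/tfiles-demo-XXXXXX");
    if (!mkdtemp(dir)) {                       /* fall back to the cwd */
        strcpy(dir, "./tfiles-demo-XXXXXX");
        if (!mkdtemp(dir)) return -1;
    }
    char victim[128], tmp[128];
    snprintf(victim, sizeof victim, "%s/victim.conf", dir);
    snprintf(tmp, sizeof tmp, "%s/sudoedit.tmp", dir);

    /* File the attacker wants clobbered, owned by the privileged process. */
    int fd = open(victim, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0 || write(fd, "original\n", 9) != 9) return 0;
    close(fd);

    /* Attacker pre-plants the predictable temp name as a symlink. */
    if (symlink(victim, tmp) != 0) return 0;

    /* Privileged editor "creates" its temp file: the write lands in victim. */
    int clobbered = 0;
    int bad = unsafe_create_tmp(tmp);
    if (bad >= 0) {
        if (write(bad, "attacker\n", 9) != 9) return 0;
        close(bad);
        char buf[16] = {0};
        fd = open(victim, O_RDONLY);
        if (fd >= 0 && read(fd, buf, sizeof buf - 1) > 0)
            clobbered = strcmp(buf, "attacker\n") == 0;
        if (fd >= 0) close(fd);
    }

    /* Hardened open on the same planted path: EEXIST (O_EXCL) or ELOOP (O_NOFOLLOW). */
    int safe_fd = safe_create_tmp(tmp);
    int refused = (safe_fd < 0) && (errno == EEXIST || errno == ELOOP);
    if (safe_fd >= 0) close(safe_fd);

    unlink(tmp); unlink(victim); rmdir(dir);
    return clobbered && refused;
}

int main(void)
{
    printf("attack succeeded against unsafe open and was refused by safe open: %d\n",
           demo_symlink_attack());
    return 0;
}
```

The same check applies when auditing any privileged helper that writes under a
shared directory: grep for open()/fopen() on predictable names and confirm that
O_EXCL and O_NOFOLLOW (or mkstemp/O_TMPFILE) are used.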

CVEID: CVE-2019-3842
DESCRIPTION: systemd could allow a local authenticated attacker to gain
elevated privileges on the system, caused by the failure to properly sanitize
the environment before using the XDG_SEAT variable by pam_systemd. By spoofing
an active session to PolicyKit, an authenticated attacker could exploit this
vulnerability to gain additional PolicyKit privileges.
CVSS Base score: 4.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
159257 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2018-1000858
DESCRIPTION: GnuPG is vulnerable to cross-site request forgery, caused by
improper validation of user-supplied input by dirmngr. By persuading an
authenticated user to visit a malicious Web site, a remote attacker could send
a malformed HTTP request. An attacker could exploit this vulnerability to
perform cross-site scripting attacks, Web cache poisoning, and other malicious
activities.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
154528 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)

CVEID: CVE-2020-11080
DESCRIPTION: Node.js is vulnerable to a denial of service, caused by a flaw in
the bundled nghttp2 library's handling of HTTP/2 SETTINGS frames: the number of
settings retained per session is limited to 32 by default, but an overly large
SETTINGS frame is still processed in full. By sending such frames, a remote
attacker could exploit this vulnerability to consume all available CPU
resources.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
182815 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
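
A bounded SETTINGS-frame parser, added here as an illustration and not taken
from nghttp2 or Node.js: the per-session cap (32 is assumed as the default for
this example) is enforced against the frame length before any per-setting
work, so an oversized frame costs one comparison rather than a walk over
thousands of entries. The frame payloads are constructed inline.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define H2_SETTING_LEN 6            /* 16-bit identifier + 32-bit value (RFC 7540 6.5.1) */
#define H2_MAX_SETTINGS_DEFAULT 32  /* per-session cap assumed for this example */

enum { SETTINGS_BAD_LENGTH = -1, SETTINGS_TOO_MANY = -2 };

/* Parse a SETTINGS payload into ids[]/vals[] (each sized for max_settings).
   The entry count is checked before the loop, so a flood of oversized frames
   is rejected in O(1) instead of being processed setting by setting.
   Returns the number of settings parsed, or a negative error code. */
int parse_settings_frame(const uint8_t *payload, size_t len, size_t max_settings,
                         uint16_t *ids, uint32_t *vals)
{
    if (len % H2_SETTING_LEN != 0)
        return SETTINGS_BAD_LENGTH;         /* peer gets FRAME_SIZE_ERROR */
    size_t n = len / H2_SETTING_LEN;
    if (n > max_settings)
        return SETTINGS_TOO_MANY;           /* drop frame / ENHANCE_YOUR_CALM */
    for (size_t i = 0; i < n; i++) {
        const uint8_t *p = payload + i * H2_SETTING_LEN;
        ids[i]  = (uint16_t)((p[0] << 8) | p[1]);
        vals[i] = ((uint32_t)p[2] << 24) | ((uint32_t)p[3] << 16) |
                  ((uint32_t)p[4] << 8)  |  (uint32_t)p[5];
    }
    return (int)n;
}

/* Build `count` copies of SETTINGS_MAX_CONCURRENT_STREAMS (id 3) = 100, the
   repetitive payload an abusive client would send. Returns bytes written. */
size_t build_settings_payload(uint8_t *buf, size_t cap, size_t count)
{
    size_t len = count * H2_SETTING_LEN;
    if (len > cap) return 0;
    for (size_t i = 0; i < count; i++) {
        uint8_t *p = buf + i * H2_SETTING_LEN;
        p[0] = 0x00; p[1] = 0x03;                  /* identifier 3 */
        p[2] = 0;    p[3] = 0; p[4] = 0; p[5] = 100; /* value 100 */
    }
    return len;
}

/* Returns 1 when a 32-entry frame is accepted and decoded, and a 1000-entry
   frame is rejected with SETTINGS_TOO_MANY. */
int demo_settings_limit(void)
{
    static uint8_t buf[1000 * H2_SETTING_LEN];
    uint16_t ids[H2_MAX_SETTINGS_DEFAULT];
    uint32_t vals[H2_MAX_SETTINGS_DEFAULT];

    size_t len = build_settings_payload(buf, sizeof buf, 32);
    int ok = parse_settings_frame(buf, len, H2_MAX_SETTINGS_DEFAULT, ids, vals);

    len = build_settings_payload(buf, sizeof buf, 1000);
    int flood = parse_settings_frame(buf, len, H2_MAX_SETTINGS_DEFAULT, ids, vals);

    return ok == 32 && ids[31] == 3 && vals[31] == 100 && flood == SETTINGS_TOO_MANY;
}

int main(void)
{
    printf("cap enforced before per-setting processing: %d\n", demo_settings_limit());
    return 0;
}
```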

CVEID: CVE-2018-20843
DESCRIPTION: libexpat is vulnerable to a denial of service, caused by an error
in the XML parser. By persuading a victim to open a specially-crafted file, a
remote attacker could exploit this vulnerability to consume all available CPU
resources.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
163073 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-13012
DESCRIPTION: GNOME GLib could allow a local attacker to bypass security
restrictions, caused by improper permission control in the keyfile settings
backend, which creates its directories with mode 0777 and files with mode 0666.
A local attacker could read or modify another user's settings and thereby
bypass access restrictions.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
166666 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2019-19221
DESCRIPTION: libarchive is vulnerable to a denial of service, caused by an
out-of-bounds read in the archive_wstring_append_from_mbs in archive_string.c.
By persuading a victim to open a specially-crafted file, a remote attacker
could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
172119 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-2708
DESCRIPTION: An unspecified vulnerability in Oracle Berkeley DB related to the
Data Store component could allow an authenticated attacker to cause a denial of
service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
159800 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-19956
DESCRIPTION: libxml2 is vulnerable to a denial of service, caused by a memory
leak in xmlParseBalancedChunkMemoryRecover in parser.c. By persuading a victim
to open a specially crafted file, a remote attacker could exploit this
vulnerability to cause the application to crash.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
173518 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-20388
DESCRIPTION: GNOME libxml2 could allow a remote attacker to obtain sensitive
information, caused by a xmlSchemaValidateStream memory leak in xmlSchemaPreRun
in xmlschemas.c. By persuading a victim to open a specially crafted file, an
attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
175539 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)

CVEID: CVE-2021-23239
DESCRIPTION: sudo could allow a local authenticated attacker to obtain
sensitive information, caused by a race condition in sudoedit. By using symlink
attack techniques, an attacker could exploit this vulnerability to obtain
directory information, and use this information to launch further attacks
against the affected system.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
194529 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

IBM QRadar SIEM 7.3.0 to 7.3.3 Fix Pack 9

IBM QRadar SIEM 7.4.0 to 7.4.3 Fix Pack 3

Remediation/Fixes

QRadar / QRM / QVM / QRIF / QNI 7.3.3 Fix Pack 10

QRadar / QRM / QVM / QRIF / QNI 7.4.3 Fix Pack 4

Workarounds and Mitigations

None

Change History

26 Nov 2021: Initial Publication

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----