Operating System:

[LINUX]

Published:

08 August 2022


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.3896
 Security Bulletin: Multiple vulnerabilities in jQuery UI, Highcharts, and
 DataTables are affecting QRadar User Behavior Analytics (CVE-2021-41182,
      CVE-2021-41183, CVE-2021-41184, CVE-2021-23445, CVE-2021-29489)
                               8 August 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM QRadar SIEM
Publisher:         IBM
Operating System:  Linux variants
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-41184 CVE-2021-41183 CVE-2021-41182
                   CVE-2021-29489 CVE-2021-23445 

Original Bulletin: 
   https://www.ibm.com/support/pages/node/6610741

Comment: CVSS (Max):  7.2 CVE-2021-41184 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N)
         CVSS Source: IBM
         Calculator:  https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

- --------------------------BEGIN INCLUDED TEXT--------------------

Multiple vulnerabilities in jQuery UI, Highcharts, and DataTables are affecting
QRadar User Behavior Analytics (CVE-2021-41182, CVE-2021-41183,
CVE-2021-41184, CVE-2021-23445, CVE-2021-29489)

Document Information

Document number    : 6610741
Modified date      : 05 August 2022
Product            : IBM QRadar SIEM
Component          : User Behavior Analytics
Software version   : 4.1.8
Operating system(s): Linux

Summary

There are vulnerabilities in third-party packages (jQuery UI, Highcharts,
datatables.net) affecting User Behavior Analytics (UBA). UBA has been updated to
current versions of these packages to address these vulnerabilities.

Vulnerability Details

CVEID: CVE-2021-41182
DESCRIPTION: jQuery UI is vulnerable to cross-site scripting, caused by
improper validation of user-supplied input by the Datepicker widget. A remote
attacker could exploit this vulnerability by supplying an untrusted value for
the altField option to inject malicious script into a Web page, which would be
executed in a victim's Web browser within the security context of the hosting
Web site once the page is viewed. An attacker could use this vulnerability to
steal the victim's cookie-based authentication credentials.
CVSS Base score: 7.2
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/212274 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N)

CVEID: CVE-2021-41183
DESCRIPTION: jQuery UI is vulnerable to cross-site scripting, caused by
improper validation of user-supplied input by the Datepicker widget. A remote
attacker could exploit this vulnerability by supplying an untrusted value for
one of the widget's *Text options (the button and label strings it renders) to
inject malicious script into a Web page, which would be executed in a victim's
Web browser within the security context of the hosting Web site once the page
is viewed. An attacker could use this vulnerability to steal the victim's
cookie-based authentication credentials.
CVSS Base score: 7.2
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/212276 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N)

CVEID: CVE-2021-41184
DESCRIPTION: jQuery UI is vulnerable to cross-site scripting, caused by
improper validation of user-supplied input by the .position() utility. A
remote attacker could exploit this vulnerability by supplying an untrusted
value for the "of" option to inject malicious script into a Web page, which
would be executed in a victim's Web browser within the security context of the
hosting Web site once the page is viewed. An attacker could use this
vulnerability to steal the victim's cookie-based authentication credentials.
CVSS Base score: 7.2
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/212277 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N)

CVEID: CVE-2021-23445
DESCRIPTION: datatables.net is vulnerable to cross-site scripting, caused by
improper validation of user-supplied input. A remote attacker could exploit
this vulnerability to inject malicious script into a Web page, which would be
executed in a victim's Web browser within the security context of the hosting
Web site once the page is viewed. An attacker could use this vulnerability to
steal the victim's cookie-based authentication credentials.
CVSS Base score: 7.2
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/210144 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N)

CVEID: CVE-2021-29489
DESCRIPTION: Highcharts JS is vulnerable to cross-site scripting, caused by
improper validation of user-supplied input. A remote attacker could exploit
this vulnerability to execute scripts in a victim's Web browser within the
security context of the hosting Web site. An attacker could use this
vulnerability to steal the victim's cookie-based authentication credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/201299 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
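The three jQuery UI entries above share one root cause: a string from an
untrusted source reaches an option that either hands it to $() (altField, "of"),
where jQuery parses markup-looking strings as HTML instead of using them as a
selector, or is written into the widget's markup unescaped (the *Text options).
The JavaScript below is an added illustration, not code from IBM, AusCERT or the
jQuery UI project. It models jQuery's selector-versus-HTML rule in a few lines
(an approximation written from memory of jQuery core, not taken from this
bulletin), contrasts the vulnerable and hardened handling of each option kind,
and adds a small audit helper for option objects assembled from request
parameters. The payload string, the option name closeText, and every function
name are constructed for the example; it runs offline under Node without a DOM.

```javascript
// Added example (not IBM's, AusCERT's or jQuery UI's code). Models, without a
// DOM, why untrusted values in Datepicker's altField / *Text options and in
// .position()'s "of" option become XSS, and what the hardened handling does.

// jQuery's $(string) parses the string as HTML if it looks like markup and
// otherwise uses it as a CSS selector. Assumption: this approximates the
// jQuery 3.x rule from memory; it is not quoted from the bulletin.
const rquickExpr = /^(?:\s*(<[\w\W]+>)[^>]*|#([\w-]+))$/;

function jQueryTreatsAsHtml(value) {
  if (typeof value !== "string") return false;
  if (value[0] === "<" && value[value.length - 1] === ">" && value.length >= 3) {
    return true;
  }
  const m = rquickExpr.exec(value);
  return Boolean(m && m[1]);
}

// Simulated HTML sink: records the inline event handlers a real parse would
// attach (and a browser would fire, e.g. onerror on a broken <img>).
function parseHtml(markup) {
  const handlers = [...markup.matchAll(/\s(on[a-z]+)\s*=/gi)].map((m) => m[1].toLowerCase());
  return { kind: "html", markup, executed: handlers };
}

// Vulnerable pattern: the option value goes straight to $(), so a markup
// string is parsed instead of being used as a selector (altField, "of").
function resolveTargetVulnerable(value) {
  if (jQueryTreatsAsHtml(value)) return parseHtml(value);
  return { kind: "selector", selector: value, executed: [] };
}

// Hardened pattern: accept only a selector string; never parse markup taken
// from an option value.
function resolveTargetHardened(value) {
  if (typeof value !== "string") throw new TypeError("expected a selector string");
  if (jQueryTreatsAsHtml(value)) {
    throw new Error("refusing to parse HTML from an option value");
  }
  return { kind: "selector", selector: value, executed: [] };
}

// *Text options (closeText is assumed here as a representative one) are
// written into the widget's markup; HTML-escaping them is the equivalent fix.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

function renderCloseButton(closeText, escape) {
  const label = escape ? escapeHtml(closeText) : closeText;
  return `<button class="ui-datepicker-close">${label}</button>`;
}

// Audit helper for options assembled from untrusted input (e.g. query-string
// values): returns the names of options that would reach a dangerous sink.
function auditOptions(options) {
  const findings = [];
  for (const [name, value] of Object.entries(options)) {
    if ((name === "altField" || name === "of") && jQueryTreatsAsHtml(value)) {
      findings.push(name);
    } else if (name.endsWith("Text") && /[<>"'&]/.test(String(value))) {
      findings.push(name);
    }
  }
  return findings;
}

// Constructed sample input standing in for an attacker-controlled value.
const payload = '<img src=x onerror="alert(document.cookie)">';

if (typeof require !== "undefined" && require.main === module) {
  console.log("vulnerable altField:", resolveTargetVulnerable(payload));
  console.log("hardened altField:", resolveTargetHardened("#alt-date"));
  console.log("escaped closeText:", renderCloseButton(payload, true));
  console.log("audit:", auditOptions({ altField: payload, closeText: payload, of: "#anchor" }));
}
```

The hardened resolver throws rather than silently falling back to a selector,
so a value that would have been parsed as markup is surfaced during testing
instead of becoming a quiet no-op; in a widget you would also accept an element
reference directly, which the model omits for brevity.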

Affected Products and Versions

+------------------------------+----------+
|Affected Product(s)           |Version(s)|
+------------------------------+----------+
|QRadar User Behavior Analytics|All       |
+------------------------------+----------+

Remediation/Fixes

Addressed in version 4.1.8 of User Behavior Analytics: upgrade the UBA app to
4.1.8 or later.

Workarounds and Mitigations

None

Change History

05 Aug 2022: Initial Publication

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
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=WRhf
-----END PGP SIGNATURE-----