-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.5409
     Security Bulletin: IBM QRadar SIEM Application Framework Base Image
          is vulnerable to using components with Known Vulnerabilities
                               27 October 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM QRadar SIEM
Publisher:         IBM
Operating System:  Linux variants
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-1154 CVE-2021-38185 CVE-2021-3634

Original Bulletin:
   https://www.ibm.com/support/pages/node/6831853

Comment: CVSS (Max):  7.8 CVE-2022-1154 (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)
         CVSS Source: IBM
         Calculator:  https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

IBM QRadar SIEM Application Framework Base Image is vulnerable to using
components with Known Vulnerabilities

Document Information

Document number    : 6831853
Modified date      : 25 October 2022
Product            : IBM QRadar SIEM
Software version   : 7.4, 7.5
Operating system(s): Linux

Summary

The product includes vulnerable components (e.g., framework libraries) that
may be identified and exploited with automated tools.

Vulnerability Details

CVEID: CVE-2021-38185
DESCRIPTION: GNU cpio could allow a remote attacker to execute arbitrary code
on the system, caused by an integer overflow that triggers an out-of-bounds
heap write in the ds_fgetstr function in dstring.c. By persuading a victim to
open a specially-crafted pattern file, an attacker could exploit this
vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207047
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2022-1154
DESCRIPTION: Vim is vulnerable to a heap-based buffer overflow, caused by a
use-after-free in mbyte.c in utf_ptr2char. By sending a specially-crafted
request, a local authenticated attacker could overflow a buffer and execute
arbitrary code on the system or cause a denial of service.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/223115
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)

CVEID: CVE-2021-3634
DESCRIPTION: libssh is vulnerable to a heap-based buffer overflow, caused by
improper bounds checking. By sending a specially-crafted request, a remote
authenticated attacker could overflow a buffer and execute arbitrary code on
the system or cause the application to crash.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/208281
for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L)

Affected Products and Versions

+-------------------+---------------------------+
|Affected Product(s)|Version(s)                 |
+-------------------+---------------------------+
|IBM QRadar SIEM    |7.4.0 - 7.4.3 Fix Pack 6   |
+-------------------+---------------------------+
|IBM QRadar SIEM    |7.5.0 - 7.5.0 Update Pack 2|
+-------------------+---------------------------+

Remediation/Fixes

IBM encourages customers to update their systems promptly.

+-------------------+--------+--------------------+
|Affected Product(s)|Versions|Fix                 |
+-------------------+--------+--------------------+
|IBM QRadar SIEM    |7.4     |7.4.3 Fix Pack 7    |
+-------------------+--------+--------------------+
|IBM QRadar SIEM    |7.5     |7.5.0 Update Pack 3 |
+-------------------+--------+--------------------+

Workarounds and Mitigations

None

Change History

31 Aug 2022: Initial Publication

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If you
do not know who that is, please send an email to auscert@auscert.org.au and
we will forward your request to the appropriate person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your
organisation's site policies and procedures. AusCERT takes no responsibility
for consequences which may arise from following or acting on information or
advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at a
later date, it is recommended that the bulletin is retrieved directly from
the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in
the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/

iQIVAwUBY1oDdMkNZI30y1K9AQhQeg/+J2NJvRuUGvTeEjMYPe8hDx+uKgCQY2X2
8x5O4fgWjBlrZ2s8ZbmicptFL7t3bu0LSlD8dgYqqr7v9n1VC382zBdDsJgwI3l6
sYbZMulBsBQcMO8o8pfd+4kkcPOtJu9c4vtxVGOlAePL+jgwPEHRX3b0GjAZ5hOa
AkpY7NG0dTJjiiN2jwYp7BVvmVbJWxv+IHfKcDtWQFjo5xdY4ZGos5vrocwgkZZo
28Bq5b7NjPiBirC9DsXBdbcSGXN8/f7g3xpF7gNxT6FNHX6wM0YJChK3L6LXjq8+
4zDF0grtCtgOynDNWtCyAP08lhfwmAvRKfQcZQbDwsA/GziBCVlE6Wnz+QnWdO1T
fGOA4AtbsNBSZRQmjwWAEwe+VvQl8Kh4D4G+/yPv+i7wasE3oukAwjo7GtZsZHIH
DhQed13cxsTemUHb6+hQJFv3ZjQws0HuR3zVKswH/LAdKqFctEkT2gHSKmj3k5ym
NkK35UkliyO0suHxbc6hIxtm5FufdXOZIlmQWQbsMrHVcyoufBd3qDDWBSRiPmRe
qvHSleWlOnwYoC+4u+mK0XjVuRxLN06aah4fhONSXUp5LU8cHc0cGNuU/UqWo/OB
HLpyOnjFX8alHd7+dNGceBduBa9YxwfCazjTNzDA0iApAaNUZVwFQe/T341rc6Mm
Sx8kj9cieU4=
=4w6y
-----END PGP SIGNATURE-----
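The Affected Products and Remediation/Fixes tables above give the fix levels (7.4.3 Fix Pack 7 and 7.5.0 Update Pack 3) against which a deployment has to be compared. The following is an added example, not code from AusCERT or IBM: it turns those two tables into a version check. It assumes version labels written the way the bulletin writes them ("7.4.3 Fix Pack 6", "7.5.0 Update Pack 2"); the build strings a real QRadar console or API reports are formatted differently and would need their own parser, and the assumption that any level at or above the named fix level within the same 7.4/7.5 line is fixed is the example's, not the bulletin's.

```python
"""Compare a QRadar SIEM version label against the fix levels in IBM
bulletin 6831853 (ESB-2022.5409).

Added example, not part of the AusCERT/IBM bulletin. Assumes labels in the
bulletin's own wording; real QRadar build strings need a different parser.
"""
import re
from typing import NamedTuple, Tuple, Dict

# Fix levels from the Remediation/Fixes table, keyed by the 7.x line.
# Assumption: anything in the same line at or above this level is fixed.
FIXED_LEVELS: Dict[Tuple[int, int], Tuple[int, int, int, int]] = {
    (7, 4): (7, 4, 3, 7),   # 7.4.3 Fix Pack 7
    (7, 5): (7, 5, 0, 3),   # 7.5.0 Update Pack 3
}

# "7.4.3 Fix Pack 6", "7.5.0 Update Pack 2" or a bare "7.4.0".
_LABEL = re.compile(
    r"^\s*(\d+)\.(\d+)\.(\d+)\s*(?:(?:Fix|Update)\s+Pack\s+(\d+))?\s*$",
    re.IGNORECASE,
)


class Level(NamedTuple):
    major: int
    minor: int
    patch: int
    pack: int   # Fix Pack / Update Pack number; 0 when none is named


def parse_level(label: str) -> Level:
    """Parse a bulletin-style version label into a comparable tuple."""
    m = _LABEL.match(label)
    if not m:
        raise ValueError(f"unrecognised QRadar version label: {label!r}")
    major, minor, patch, pack = m.groups()
    return Level(int(major), int(minor), int(patch), int(pack or 0))


def assess(label: str) -> str:
    """Return 'affected', 'fixed' or 'not covered' for a version label.

    'not covered' means the bulletin says nothing about that 7.x line
    (only 7.4 and 7.5 are listed), so no conclusion is drawn.
    """
    lvl = parse_level(label)
    fixed = FIXED_LEVELS.get((lvl.major, lvl.minor))
    if fixed is None:
        return "not covered"
    return "fixed" if tuple(lvl) >= fixed else "affected"


if __name__ == "__main__":
    # Constructed sample labels, including the boundaries from both tables.
    for label in ("7.4.0", "7.4.3 Fix Pack 6", "7.4.3 Fix Pack 7",
                  "7.5.0 Update Pack 2", "7.5.0 Update Pack 3",
                  "7.3.3 Fix Pack 10"):
        print(f"{label:22} -> {assess(label)}")
```

The comparison is a plain tuple ordering, so a label such as "7.4.3 Fix Pack 8" is treated as fixed and "7.4.2 Fix Pack 9" as affected, which matches the table's "7.4.0 - 7.4.3 Fix Pack 6" range. A version line the bulletin does not mention is reported as "not covered" rather than silently passed.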