Protect yourself against future threats.
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2024.1830
IBM QRadar SIEM contains multiple vulnerabilities
28 March 2024
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: IBM Security QRadar SIEM
Publisher: IBM
Operating System: Linux
Resolution: Patch/Upgrade
CVE Names: CVE-2023-3446 CVE-2023-42753 CVE-2022-48565
CVE-2019-1551 CVE-2022-40304 CVE-2022-40303
CVE-2019-1547 CVE-2020-27783 CVE-2021-28957
CVE-2023-5678 CVE-2023-3961 CVE-2020-10683
CVE-2022-48564 CVE-2020-10735 CVE-2023-34966
CVE-2022-25647 CVE-2022-2127 CVE-2023-34967
CVE-2023-34968 CVE-2023-23931 CVE-2023-4813
CVE-2023-4806 CVE-2020-25659 CVE-2021-43818
CVE-2023-6129 CVE-2023-42669 CVE-2023-4091
CVE-2019-1563 CVE-2018-17196 CVE-2018-1000632
CVE-2023-36632 CVE-2023-7104 CVE-2020-28493
CVE-2022-36760 CVE-2020-36242 CVE-2023-27043
CVE-2023-42503 CVE-2023-3817 CVE-2023-0286
CVE-2023-0215 CVE-2022-4304 CVE-2020-1968
Original Bulletin:
https://www.ibm.com/support/pages/node/7145367
Comment: CVSS (Max): 9.1 CVE-2020-36242 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H)
CVSS Source: IBM
Calculator: https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
- --------------------------BEGIN INCLUDED TEXT--------------------
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
Document Information
Document number : 7145367
Modified date : 27 March 2024
Product : IBM Security QRadar SIEM
Component : -
Software version : 7.5
Operating system(s): Linux
Security Bulletin
Summary
IBM QRadar SIEM includes vulnerable components (e.g., framework libraries) that
could be identified and exploited with automated tools. These have been
addressed in the update.
Vulnerability Details
CVEID: CVE-2023-42503
DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service,
caused by improper input validation. By persuading a victim to open a specially
crafted TAR file, a remote attacker could exploit this vulnerability to cause a
denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
266096 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2018-17196
DESCRIPTION: Apache Kafka could allow a remote authenticated attacker to bypass
security restrictions, caused by improper input validation. By sending a
specially-crafted Produce request, an attacker could exploit this vulnerability
to bypass transaction/idempotent ACL validation.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
163622 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)
CVEID: CVE-2023-6129
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in
the POLY1305 MAC (message authentication code) implementation. By sending a
specially crafted request, a remote attacker could exploit this vulnerability
to cause a denial of service condition.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
278934 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-4806
DESCRIPTION: GNU glibc is vulnerable to a denial of service, caused by a
use-after-free flaw in the getaddrinfo() function. By sending a specially
crafted request, a remote attacker could exploit this vulnerability to cause
the application to crash.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
266465 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2021-43818
DESCRIPTION: lxml could allow a remote attacker to bypass security
restrictions, caused by a flaw in HTML Cleaner in lxml.html. By sending a
specially-crafted script content, an attacker could exploit this vulnerability
to allow crafted and SVG embedded scripts to pass through.
CVSS Base score: 8.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
215122 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N)
CVEID: CVE-2020-25659
DESCRIPTION: python-cryptography could allow a remote attacker to obtain
sensitive information, caused by a Bleichenbacher timing attack. By sending a
specially-crafted request using the RSA decryption API, an attacker could
exploit this vulnerability to obtain parts of the cipher text encrypted with
RSA, and use this information to launch further attacks against the affected
system.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
192485 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2020-27783
DESCRIPTION: Python LXML is vulnerable to cross-site scripting, caused by
improper validation of user-supplied input by the clean module. A remote
attacker could exploit this vulnerability using a specially-crafted URL to
execute script in a victim's Web browser within the security context of the
hosting Web site, once the URL is clicked. An attacker could use this
vulnerability to steal the victim's cookie-based authentication credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
192644 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
CVEID: CVE-2021-28957
DESCRIPTION: lxml is vulnerable to cross-site scripting, caused by improper
validation of user-supplied input by the defs.py script. A remote attacker
could exploit this vulnerability using the HTML action attribute to inject
malicious script into a Web page which would be executed in a victim's Web
browser within the security context of the hosting Web site, once the page is
viewed. An attacker could use this vulnerability to steal the victim's
cookie-based authentication credentials.
CVSS Base score: 7.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
198515 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N)
CVEID: CVE-2023-23931
DESCRIPTION: PyPI cryptography package could allow a remote attacker to bypass
security restrictions, caused by a memory corruption in Cipher.update_into. By
passing an immutable python object as the outbuf, an attacker could exploit
this vulnerability to bypass authentication and obtain access.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
246738 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)
CVEID: CVE-2020-36242
DESCRIPTION: Cryptography could allow a remote attacker to execute arbitrary
code on the system, caused by an integer overflow and a buffer overflow. By
using certain sequences of update calls to symmetrically encrypt multi-GB
values, a remote attacker could exploit this vulnerability to execute arbitrary
code on the system or cause a denial of service.
CVSS Base score: 9.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
196426 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H)
CVEID: CVE-2020-10683
DESCRIPTION: dom4j could allow a remote authenticated attacker to obtain
sensitive information, caused by an XML external entity (XXE) error when
processing XML data. By sending specially crafted XML data, a remote attacker
could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
181356 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVEID: CVE-2018-1000632
DESCRIPTION: dom4j could allow a remote attacker to execute arbitrary code on
the system, caused by improper input validation in multiple methods. By sending
a specially-crafted XML content, an attacker could exploit this vulnerability
to execute arbitrary code on the system.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
148750 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVEID: CVE-2023-7104
DESCRIPTION: SQLite SQLite3 is vulnerable to a heap-based buffer overflow,
caused by improper bounds checking by the sessionReadRecord function in ext/
session/sqlite3session.c. By sending a specially crafted request, a remote
authenticated attacker could overflow a buffer and execute arbitrary code on
the system.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
276235 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
CVEID: CVE-2022-40304
DESCRIPTION: Gnome ibxml2 could allow a remote attacker to execute arbitrary
code on the system, caused by a dict corruption flaw. By persuading a victim to
open a specially-crafted file, an attacker could exploit this vulnerability to
execute arbitrary code on the system.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
238603 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID: CVE-2022-40303
DESCRIPTION: Gnome libxml2 could allow a remote attacker to execute arbitrary
code on the system, caused by an integer overflow in the XML_PARSE_HUGE
function. By persuading a victim to open a specially-crafted file, an attacker
could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
238602 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID: CVE-2023-3446
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw
when using the DH_check(), DH_check_ex() or EVP_PKEY_param_check() functions to
check a DH key or DH parameters. By sending a specially crafted request using
long DH keys or parameters, a remote attacker could exploit this vulnerability
to cause long delays, and results in a denial of service condition.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
261026 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2023-27043
DESCRIPTION: Python could allow a remote attacker to bypass security
restrictions, caused by a parsing flaw in the email.utils.parsaddr() and
email.utils.getaddresses() functions. By sending a specially-crafted e-mail
addresses with a special character, an attacker could exploit this
vulnerability to send messages from e-mail addresses that would otherwise be
rejected.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
253191 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVEID: CVE-2023-36632
DESCRIPTION: Python is vulnerable to a denial of service, caused by a
RecursionError in email.utils.parseaddr #103800. By sending a specially crafted
argument, a remote attacker could exploit this vulnerability to cause a denial
of service condition.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
258920 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2022-25647
DESCRIPTION: Google Gson is vulnerable to a denial of service, caused by the
deserialization of untrusted data. By using the writeReplace() method, a remote
attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
217225 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H)
CVEID: CVE-2020-28493
DESCRIPTION: Pallets jinja2 is vulnerable to a denial of service, caused by a
regular expression denial of service (ReDoS) flaw in the email regex. By
sending a specially-crafted input, a remote attacker could exploit this
vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
195894 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2020-10735
DESCRIPTION: Python is vulnerable to a denial of service, caused by the failure
to limit amount of digits converting text to int by the int() type in
PyLong_FromString(). A remote attacker could exploit this vulnerability to
consume all available resources.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
235840 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-3817
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw
when using the DH_check(), DH_check_ex() or EVP_PKEY_param_check() functions to
check a DH key or DH parameters. By sending a specially crafted request, a
remote attacker could exploit this vulnerability to cause long delays, and
results in a denial of service condition.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
262046 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2022-4304
DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive
information, caused by a timing-based side channel in the RSA Decryption
implementation. By sending an overly large number of trial messages for
decryption, an attacker could exploit this vulnerability to obtain sensitive
information.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
246612 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2023-0215
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a
use-after-free error related to the incorrect handling of streaming ASN.1 data
by the BIO_new_NDEF function. A remote attacker could exploit this
vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
246614 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-0286
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a type
confusion error related to X.400 address processing inside an X.509
GeneralName. By passing arbitrary pointers to a memcmp call, a remote attacker
could exploit this vulnerability to read memory contents or cause a denial of
service.
CVSS Base score: 8.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
246611 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H)
CVEID: CVE-2022-48565
DESCRIPTION: Python could allow a local authenticated attacker to obtain
sensitive information, caused by improper handling of XML external entity (XXE)
declarations by the plistlib module. By using a specially crafted XML content,
a remote attacker could exploit this vulnerability to obtain sensitive
information, and use this information to launch further attacks against the
affected system.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
264547 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2022-48564
DESCRIPTION: Python is vulnerable to a denial of service, caused by a flaw in
the read_ints function in plistlib.py. By persuading a victim to open a
specially crafted Apple Property List file file, a remote attacker could
exploit this vulnerability to cause CPU and RAM exhaustion, and results in a
denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
264546 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-42753
DESCRIPTION: Linux Kernel could allow a local authenticated attacker to execute
arbitrary code on the system, caused by an integer underflow due to an array
indexing issue in the netfilter ipset subsystem. By sending a specially crafted
request, an attacker could exploit this vulnerability to execute arbitrary code
or cause a denial of service condition.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
266809 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2023-4813
DESCRIPTION: glibc is vulnerable to a denial of service, caused by a
use-after-free flaw in the gaih_inet function. By sending a specially crafted
request, a remote attacker could exploit this vulnerability to cause a denial
of service.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
265904 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-5678
DESCRIPTION: Openssl is vulnerable to a denial of service, caused by a flaw
when using DH_generate_key() function to generate an X9.42 DH key. By sending a
specially crafted request, a remote attacker could exploit this vulnerability
to cause a denial of service condition.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
270771 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2022-36760
DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request smuggling, caused
by an inconsistent interpretation of HTTP Requests vulnerability in
mod_proxy_ajp. An attacker could exploit this vulnerability to smuggle requests
to the AJP server it forwards requests to.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
244884 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVEID: CVE-2023-3961
DESCRIPTION: Samba could allow a remote attacker to bypass security
restrictions, caused by improper validation of pipe names. By sending a
specially crafted request, an attacker could exploit this vulnerability to
access to UNIX domain sockets on the file system.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
268589 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N)
CVEID: CVE-2023-4091
DESCRIPTION: Samba could allow a remote authenticated attacker to bypass
security restrictions, caused by a flaw when using the acl_xattr Samba VFS
module with the smb.conf setting "acl_xattr:ignore system acls = yes". By
sending a specially crafted request, an attacker could exploit this
vulnerability to truncate files to 0 bytes.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
268588 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2023-42669
DESCRIPTION: Samba is vulnerable to a denial of service, caused by a flaw with
rpcecho service operates with only one worker in the main RPC task. By sending
a specially crafted request, a remote authenticated attacker could exploit this
vulnerability to cause a denial of service condition.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
268415 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2022-2127
DESCRIPTION: Samba is vulnerable to a denial of service, caused by an
out-of-bounds read flaw in winbind AUTH_CRAP. By sending a specially crafted
request, a remote attacker could exploit this vulnerability to cause the
application to crash.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
261923 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-34966
DESCRIPTION: Samba is vulnerable to a denial of service, caused by improper
input validation by the sl_unpack_loop() function. By sending specially crafted
Spotlight mdssvc RPC packets, a remote attacker could exploit this
vulnerability to consume available CPU resources and results in a denial of
service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
261220 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-34967
DESCRIPTION: Samba is vulnerable to a denial of service, caused by a type
confusion flaw in the dalloc_value_for_key() function. By sending specially
crafted Spotlight mdssvc RPC packets, a remote attacker could exploit this
vulnerability to cause the worker process to crash.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
261221 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2023-34968
DESCRIPTION: Samba could allow a remote attacker to obtain sensitive
information, caused by a flaw in the Spotlight protocol. By sending a specially
crafted RPC request, an attacker could exploit this vulnerability to obtain the
real server-side share path information, and use this information to launch
further attacks against the affected system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
261222 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVEID: CVE-2020-1968
DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive
information, caused by a Raccoon attack in the TLS specification. By computing
the pre-master secret in connections which have used a Diffie-Hellman (DH)
based ciphersuite, an attacker could exploit this vulnerability to eavesdrop on
all encrypted communications sent over that TLS connection.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
187977 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVEID: CVE-2019-1551
DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive
information, caused by an overflow in the x64_64 Montgomery squaring procedure
used in exponentiation with 512-bit moduli. By performing a man-in-the-middle
attack, a remote attacker could exploit this vulnerability to obtain sensitive
information.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
172752 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)
CVEID: CVE-2019-1547
DESCRIPTION: OpenSSL could allow a local authenticated attacker to obtain
sensitive information, caused by the ability to construct an EC group missing
the cofactor using explicit parameters instead of using a named curve. An
attacker could exploit this vulnerability to obtain full key recovery during an
ECDSA signature operation.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
167020 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2019-1563
DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive
information, caused by a padding oracle attack in PKCS7_dataDecode and
CMS_decrypt_set1_pkey. By sending an overly large number of messages to be
decrypted, an attacker could exploit this vulnerability to obtain sensitive
information.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
167022 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
Affected Products and Versions
+-------------------+----------------------+
|Affected Product(s)|Version(s) |
+-------------------+----------------------+
|IBM QRadar SIEM |7.5.0 - 7.5.0 UP7 IF06|
+-------------------+----------------------+
Remediation/Fixes
IBM strongly encourages customers to update their systems promptly.
+---------------+-------+---------+
|Product |Version|Fix |
+---------------+-------+---------+
|IBM QRadar SIEM|7.5.0 |7.5.0 UP8|
+---------------+-------+---------+
Workarounds and Mitigations
None
Acknowledgement
Change History
27 Mar 2024: Initial Publication
*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.
Disclaimer
According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF
ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to
address potential vulnerabilities, IBM periodically updates the record of
components contained in our product offerings. As part of that effort, if IBM
identifies previously unidentified packages in a product/service inventory, we
address relevant vulnerabilities regardless of CVE date. Inclusion of an older
CVEID does not demonstrate that the referenced product has been used by IBM
since that date, nor that IBM was aware of a vulnerability as of that date. We
are making clients aware of relevant vulnerabilities as we become aware of
them. "Affected Products and Versions" referenced in IBM Security Bulletins are
intended to be only products and versions that are supported by IBM and have
not passed their end-of-support or warranty date. Thus, failure to reference
unsupported or extended-support products and versions in this Security Bulletin
does not constitute a determination by IBM that they are unaffected by the
vulnerability. Reference to one or more unsupported versions in this Security
Bulletin shall not create an obligation for IBM to provide fixes for any
unsupported or extended-support products or versions.
- --------------------------END INCLUDED TEXT----------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================