Protect yourself against future threats.
=========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2024.1830 IBM QRadar SIEM contains multiple vulnerabilities 28 March 2024 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: IBM Security QRadar SIEM Publisher: IBM Operating System: Linux Resolution: Patch/Upgrade CVE Names: CVE-2023-3446 CVE-2023-42753 CVE-2022-48565 CVE-2019-1551 CVE-2022-40304 CVE-2022-40303 CVE-2019-1547 CVE-2020-27783 CVE-2021-28957 CVE-2023-5678 CVE-2023-3961 CVE-2020-10683 CVE-2022-48564 CVE-2020-10735 CVE-2023-34966 CVE-2022-25647 CVE-2022-2127 CVE-2023-34967 CVE-2023-34968 CVE-2023-23931 CVE-2023-4813 CVE-2023-4806 CVE-2020-25659 CVE-2021-43818 CVE-2023-6129 CVE-2023-42669 CVE-2023-4091 CVE-2019-1563 CVE-2018-17196 CVE-2018-1000632 CVE-2023-36632 CVE-2023-7104 CVE-2020-28493 CVE-2022-36760 CVE-2020-36242 CVE-2023-27043 CVE-2023-42503 CVE-2023-3817 CVE-2023-0286 CVE-2023-0215 CVE-2022-4304 CVE-2020-1968 Original Bulletin: https://www.ibm.com/support/pages/node/7145367 Comment: CVSS (Max): 9.1 CVE-2020-36242 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H) CVSS Source: IBM Calculator: https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H - --------------------------BEGIN INCLUDED TEXT-------------------- Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities Document Information Document number : 7145367 Modified date : 27 March 2024 Product : IBM Security QRadar SIEM Component : - Software version : 7.5 Operating system(s): Linux Security Bulletin Summary IBM QRadar SIEM includes vulnerable components (e.g., framework libraries) that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID: CVE-2023-42503 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by improper input validation. By persuading a victim to open a specially crafted TAR file, a remote attacker could exploit this vulnerability to cause a denial of service condition. CVSS Base score: 5.5 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/ 266096 for the current score. CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) CVEID: CVE-2018-17196 DESCRIPTION: Apache Kafka could allow a remote authenticated attacker to bypass security restrictions, caused by improper input validation. By sending a specially-crafted Produce request, an attacker could exploit this vulnerability to bypass transaction/idempotent ACL validation. CVSS Base score: 4.3 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/ 163622 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) CVEID: CVE-2023-6129 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in the POLY1305 MAC (message authentication code) implementation. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. CVSS Base score: 5.9 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/ 278934 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) CVEID: CVE-2023-4806 DESCRIPTION: GNU glibc is vulnerable to a denial of service, caused by a use-after-free flaw in the getaddrinfo() function. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause the application to crash. CVSS Base score: 5.9 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/ 266465 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) CVEID: CVE-2021-43818 DESCRIPTION: lxml could allow a remote attacker to bypass security restrictions, caused by a flaw in HTML Cleaner in lxml.html. By sending a specially-crafted script content, an attacker could exploit this vulnerability to allow crafted and SVG embedded scripts to pass through. CVSS Base score: 8.2 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/ 215122 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N) CVEID: CVE-2020-25659 DESCRIPTION: python-cryptography could allow a remote attacker to obtain sensitive information, caused by a Bleichenbacher timing attack. By sending a specially-crafted request using the RSA decryption API, an attacker could exploit this vulnerability to obtain parts of the cipher text encrypted with RSA, and use this information to launch further attacks against the affected system. CVSS Base score: 5.9 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/ 192485 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) CVEID: CVE-2020-27783 DESCRIPTION: Python LXML is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the clean module. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. CVSS Base score: 6.1 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/ 192644 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) CVEID: CVE-2021-28957 DESCRIPTION: lxml is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the defs.py script. A remote attacker could exploit this vulnerability using the HTML action attribute to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. CVSS Base score: 7.2 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/ 198515 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N) CVEID: CVE-2023-23931 DESCRIPTION: PyPI cryptography package could allow a remote attacker to bypass security restrictions, caused by a memory corruption in Cipher.update_into. By passing an immutable python object as the outbuf, an attacker could exploit this vulnerability to bypass authentication and obtain access. CVSS Base score: 4.8 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/ 246738 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L) CVEID: CVE-2020-36242 DESCRIPTION: Cryptography could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow and a buffer overflow. By using certain sequences of update calls to symmetrically encrypt multi-GB values, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. CVSS Base score: 9.1 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/ 196426 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H) CVEID: CVE-2020-10683 DESCRIPTION: dom4j could allow a remote authenticated attacker to obtain sensitive information, caused by an XML external entity (XXE) error when processing XML data. By sending specially crafted XML data, a remote attacker could exploit this vulnerability to obtain sensitive information. CVSS Base score: 5.3 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/ 181356 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) CVEID: CVE-2018-1000632 DESCRIPTION: dom4j could allow a remote attacker to execute arbitrary code on the system, caused by improper input validation in multiple methods. By sending a specially-crafted XML content, an attacker could exploit this vulnerability to execute arbitrary code on the system. CVSS Base score: 7.3 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/ 148750 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) CVEID: CVE-2023-7104 DESCRIPTION: SQLite SQLite3 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the sessionReadRecord function in ext/ session/sqlite3session.c. By sending a specially crafted request, a remote authenticated attacker could overflow a buffer and execute arbitrary code on the system. CVSS Base score: 5.5 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/ 276235 for the current score. CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) CVEID: CVE-2022-40304 DESCRIPTION: Gnome ibxml2 could allow a remote attacker to execute arbitrary code on the system, caused by a dict corruption flaw. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. CVSS Base score: 7.8 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/ 238603 for the current score. CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) CVEID: CVE-2022-40303 DESCRIPTION: Gnome libxml2 could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the XML_PARSE_HUGE function. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. CVSS Base score: 7.8 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/ 238602 for the current score. CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) CVEID: CVE-2023-3446 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw when using the DH_check(), DH_check_ex() or EVP_PKEY_param_check() functions to check a DH key or DH parameters. By sending a specially crafted request using long DH keys or parameters, a remote attacker could exploit this vulnerability to cause long delays, and results in a denial of service condition. CVSS Base score: 3.7 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/ 261026 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) CVEID: CVE-2023-27043 DESCRIPTION: Python could allow a remote attacker to bypass security restrictions, caused by a parsing flaw in the email.utils.parsaddr() and email.utils.getaddresses() functions. By sending a specially-crafted e-mail addresses with a special character, an attacker could exploit this vulnerability to send messages from e-mail addresses that would otherwise be rejected. CVSS Base score: 5.3 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/ 253191 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) CVEID: CVE-2023-36632 DESCRIPTION: Python is vulnerable to a denial of service, caused by a RecursionError in email.utils.parseaddr #103800. By sending a specially crafted argument, a remote attacker could exploit this vulnerability to cause a denial of service condition. CVSS Base score: 5.3 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/ 258920 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) CVEID: CVE-2022-25647 DESCRIPTION: Google Gson is vulnerable to a denial of service, caused by the deserialization of untrusted data. By using the writeReplace() method, a remote attacker could exploit this vulnerability to cause a denial of service. CVSS Base score: 7.7 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/ 217225 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H) CVEID: CVE-2020-28493 DESCRIPTION: Pallets jinja2 is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the email regex. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to cause a denial of service condition. CVSS Base score: 7.5 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/ 195894 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) CVEID: CVE-2020-10735 DESCRIPTION: Python is vulnerable to a denial of service, caused by the failure to limit amount of digits converting text to int by the int() type in PyLong_FromString(). A remote attacker could exploit this vulnerability to consume all available resources. CVSS Base score: 7.5 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/ 235840 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) CVEID: CVE-2023-3817 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw when using the DH_check(), DH_check_ex() or EVP_PKEY_param_check() functions to check a DH key or DH parameters. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause long delays, and results in a denial of service condition. CVSS Base score: 3.7 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/ 262046 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) CVEID: CVE-2022-4304 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information. CVSS Base score: 5.9 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/ 246612 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) CVEID: CVE-2023-0215 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a use-after-free error related to the incorrect handling of streaming ASN.1 data by the BIO_new_NDEF function. A remote attacker could exploit this vulnerability to cause a denial of service. CVSS Base score: 7.5 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/ 246614 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) CVEID: CVE-2023-0286 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a type confusion error related to X.400 address processing inside an X.509 GeneralName. By passing arbitrary pointers to a memcmp call, a remote attacker could exploit this vulnerability to read memory contents or cause a denial of service. CVSS Base score: 8.2 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/ 246611 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H) CVEID: CVE-2022-48565 DESCRIPTION: Python could allow a local authenticated attacker to obtain sensitive information, caused by improper handling of XML external entity (XXE) declarations by the plistlib module. By using a specially crafted XML content, a remote attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. CVSS Base score: 5.5 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/ 264547 for the current score. CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) CVEID: CVE-2022-48564 DESCRIPTION: Python is vulnerable to a denial of service, caused by a flaw in the read_ints function in plistlib.py. By persuading a victim to open a specially crafted Apple Property List file file, a remote attacker could exploit this vulnerability to cause CPU and RAM exhaustion, and results in a denial of service condition. CVSS Base score: 5.5 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/ 264546 for the current score. CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) CVEID: CVE-2023-42753 DESCRIPTION: Linux Kernel could allow a local authenticated attacker to execute arbitrary code on the system, caused by an integer underflow due to an array indexing issue in the netfilter ipset subsystem. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition. CVSS Base score: 7.8 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/ 266809 for the current score. CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) CVEID: CVE-2023-4813 DESCRIPTION: glibc is vulnerable to a denial of service, caused by a use-after-free flaw in the gaih_inet function. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service. CVSS Base score: 5.9 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/ 265904 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) CVEID: CVE-2023-5678 DESCRIPTION: Openssl is vulnerable to a denial of service, caused by a flaw when using DH_generate_key() function to generate an X9.42 DH key. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. CVSS Base score: 3.7 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/ 270771 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) CVEID: CVE-2022-36760 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request smuggling, caused by an inconsistent interpretation of HTTP Requests vulnerability in mod_proxy_ajp. An attacker could exploit this vulnerability to smuggle requests to the AJP server it forwards requests to. CVSS Base score: 7.5 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/ 244884 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) CVEID: CVE-2023-3961 DESCRIPTION: Samba could allow a remote attacker to bypass security restrictions, caused by improper validation of pipe names. By sending a specially crafted request, an attacker could exploit this vulnerability to access to UNIX domain sockets on the file system. CVSS Base score: 6.8 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/ 268589 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N) CVEID: CVE-2023-4091 DESCRIPTION: Samba could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw when using the acl_xattr Samba VFS module with the smb.conf setting "acl_xattr:ignore system acls = yes". By sending a specially crafted request, an attacker could exploit this vulnerability to truncate files to 0 bytes. CVSS Base score: 8.8 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/ 268588 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) CVEID: CVE-2023-42669 DESCRIPTION: Samba is vulnerable to a denial of service, caused by a flaw with rpcecho service operates with only one worker in the main RPC task. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition. CVSS Base score: 6.5 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/ 268415 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) CVEID: CVE-2022-2127 DESCRIPTION: Samba is vulnerable to a denial of service, caused by an out-of-bounds read flaw in winbind AUTH_CRAP. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause the application to crash. CVSS Base score: 5.9 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/ 261923 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) CVEID: CVE-2023-34966 DESCRIPTION: Samba is vulnerable to a denial of service, caused by improper input validation by the sl_unpack_loop() function. By sending specially crafted Spotlight mdssvc RPC packets, a remote attacker could exploit this vulnerability to consume available CPU resources and results in a denial of service condition. CVSS Base score: 7.5 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/ 261220 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) CVEID: CVE-2023-34967 DESCRIPTION: Samba is vulnerable to a denial of service, caused by a type confusion flaw in the dalloc_value_for_key() function. By sending specially crafted Spotlight mdssvc RPC packets, a remote attacker could exploit this vulnerability to cause the worker process to crash. CVSS Base score: 5.3 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/ 261221 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) CVEID: CVE-2023-34968 DESCRIPTION: Samba could allow a remote attacker to obtain sensitive information, caused by a flaw in the Spotlight protocol. By sending a specially crafted RPC request, an attacker could exploit this vulnerability to obtain the real server-side share path information, and use this information to launch further attacks against the affected system. CVSS Base score: 5.3 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/ 261222 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) CVEID: CVE-2020-1968 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a Raccoon attack in the TLS specification. By computing the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite, an attacker could exploit this vulnerability to eavesdrop on all encrypted communications sent over that TLS connection. CVSS Base score: 3.7 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/ 187977 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) CVEID: CVE-2019-1551 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an overflow in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. By performing a man-in-the-middle attack, a remote attacker could exploit this vulnerability to obtain sensitive information. CVSS Base score: 6.8 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/ 172752 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N) CVEID: CVE-2019-1547 DESCRIPTION: OpenSSL could allow a local authenticated attacker to obtain sensitive information, caused by the ability to construct an EC group missing the cofactor using explicit parameters instead of using a named curve. An attacker could exploit this vulnerability to obtain full key recovery during an ECDSA signature operation. CVSS Base score: 5.5 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/ 167020 for the current score. CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) CVEID: CVE-2019-1563 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a padding oracle attack in PKCS7_dataDecode and CMS_decrypt_set1_pkey. By sending an overly large number of messages to be decrypted, an attacker could exploit this vulnerability to obtain sensitive information. CVSS Base score: 3.7 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/ 167022 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) Affected Products and Versions +-------------------+----------------------+ |Affected Product(s)|Version(s) | +-------------------+----------------------+ |IBM QRadar SIEM |7.5.0 - 7.5.0 UP7 IF06| +-------------------+----------------------+ Remediation/Fixes IBM strongly encourages customers to update their systems promptly. +---------------+-------+---------+ |Product |Version|Fix | +---------------+-------+---------+ |IBM QRadar SIEM|7.5.0 |7.5.0 UP8| +---------------+-------+---------+ Workarounds and Mitigations None Acknowledgement Change History 27 Mar 2024: Initial Publication *The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin. Disclaimer According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. "Affected Products and Versions" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions. - --------------------------END INCLUDED TEXT---------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. ===========================================================================