===========================================================================
             AUSCERT External Security Bulletin Redistribution             
                                                                           
                               ESB-2024.2247                               
             IBM QRadar SIEM contains multiple vulnerabilities             
                               12 April 2024                               
                                                                           
===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM Security QRadar SIEM                                
Publisher:         IBM                                                     
Operating System:  Linux                                                   
Resolution:        Patch/Upgrade                                           
CVE Names:         CVE-2022-48560 CVE-2023-48795 CVE-2023-3341             
                   CVE-2023-5676 CVE-2023-2828 CVE-2020-28241              
                   CVE-2011-4969 CVE-2019-19203 CVE-2019-13224             
                   CVE-2023-26604 CVE-2019-16163 CVE-2021-35939            
                   CVE-2021-35938 CVE-2019-19204 CVE-2023-6135             
                   CVE-2019-19012 CVE-2023-38546 CVE-2021-35937            
                   CVE-2021-41043 CVE-2022-46329 CVE-2023-34968            
                   CVE-2023-34967 CVE-2023-34966 CVE-2022-48564            
                   CVE-2022-2127 CVE-2024-0553 CVE-2022-3094               
                   CVE-2023-1786 CVE-2023-42465 CVE-2023-5388              
                   CVE-2023-51385 CVE-2023-22081 CVE-2023-22067            
                   CVE-2023-45803 CVE-2023-43804 CVE-2023-42669            
                   CVE-2023-4091 CVE-2023-28487 CVE-2023-28486             
                   CVE-2012-6708 CVE-2015-9251 CVE-2020-7656               
                   CVE-2023-28322 CVE-2023-27043 CVE-2023-46218            
                   CVE-2023-39615 CVE-2017-7501 CVE-2017-7500              
                   CVE-2023-20569 CVE-2022-45061                           

Original Bulletin:
   https://www.ibm.com/support/pages/node/7148094

Comment: CVSS (Max):  9.8 CVE-2023-51385 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: IBM                                                  
         Calculator:  https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H


- --------------------------BEGIN INCLUDED TEXT--------------------

Security Bulletin:  IBM QRadar SIEM contains multiple vulnerabilities

Document Information

Document number    : 7148094
Modified date      : 11 April 2024
Product            : IBM Security QRadar SIEM
Component          : -
Software version   : 7.5
Operating system(s): Linux

Security Bulletin


Summary

IBM QRadar SIEM includes vulnerable components (e.g., framework libraries) that
could be identified and exploited with automated tools. These have been
addressed in the update.

Vulnerability Details

CVEID: CVE-2023-34967
DESCRIPTION: Samba is vulnerable to a denial of service, caused by a type
confusion flaw in the dalloc_value_for_key() function. By sending specially
crafted Spotlight mdssvc RPC packets, a remote attacker could exploit this
vulnerability to cause the worker process to crash.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
261221 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2023-48795
DESCRIPTION: OpenSSH is vulnerable to a machine-in-the-middle attack, caused by
a flaw in the extension negotiation process in the SSH transport protocol when
used with certain OpenSSH extensions. A remote attacker could exploit this
vulnerability to launch a machine-in-the-middle attack and strip an arbitrary
number of messages after the initial key exchange, breaking SSH extension
negotiation and downgrading the client connection security.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
275282 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)

CVEID: CVE-2023-39615
DESCRIPTION: Xmlsoft Libxml2 is vulnerable to a denial of service, caused by a
global buffer overflow in the xmlSAX2StartElement() function at /libxml2/
SAX2.c. By supplying a crafted XML file, a remote attacker could exploit this
vulnerability to cause a denial of service.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
264758 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2023-51385
DESCRIPTION: OpenSSH could allow a remote attacker to execute arbitrary
commands on the system, caused by improper validation of shell metacharacters.
By sending a specially crafted request using expansion tokens, an attacker
could exploit this vulnerability to execute arbitrary commands on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
275402 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2021-35937
DESCRIPTION: RPM Project RPM could allow a local authenticated attacker to gain
elevated privileges on the system, caused by a TOCTOU race in checks for unsafe
symlinks. An attacker could exploit this vulnerability to bypass the checks
that were introduced in response to CVE-2017-7500 and CVE-2017-7501 and gain
root privileges on the system.
CVSS Base score: 6.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
211335 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2021-35938
DESCRIPTION: RPM Project RPM could allow a local authenticated attacker to gain
elevated privileges on the system, caused by a symbolic link when setting the
desired permissions and credentials after installing a file. An attacker could
exploit this vulnerability to exchange the original file with a symbolic link
to a security-critical file and gain elevated privileges on the system.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
211337 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2021-35939
DESCRIPTION: RPM Project RPM could allow a local authenticated attacker to gain
elevated privileges on the system, caused by the failure to perform checks for
unsafe symlinks for intermediary directories. An attacker could exploit this
vulnerability to gain root privileges on the system.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
211338 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2023-42669
DESCRIPTION: Samba is vulnerable to a denial of service, caused by a flaw in
which the rpcecho service operates with only one worker in the main RPC task.
By sending a specially crafted request, a remote authenticated attacker could
exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
268415 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2023-28322
DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security
restrictions, caused by a flaw in the logic for a reused handle when it is
(expected to be) changed from a PUT to a POST. By sending a specially crafted
request, an attacker could exploit this vulnerability to cause the application
to misbehave and either send off the wrong data or use memory after free or
similar in the second transfer.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
255626 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2023-46218
DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security
restrictions, caused by a mixed-case flaw when curl is built without PSL
support. By sending a specially crafted request, an attacker could exploit this
vulnerability to allow an HTTP server to set "super cookies" in curl.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
273320 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID: CVE-2023-38546
DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security
restrictions, caused by a flaw in the curl_easy_duphandle function if a
transfer has cookies enabled when the handle is duplicated. By sending a
specially crafted request, an attacker could exploit this vulnerability to
insert cookies at will into a running program.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
268046 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2023-43804
DESCRIPTION: urllib3 could allow a remote authenticated attacker to obtain
sensitive information, caused by the Cookie request header not being stripped
during cross-origin redirects. By sending a specially crafted request, an
attacker could exploit this vulnerability to obtain sensitive information, and
use this information to launch further attacks against the affected system.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
268192 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N)

CVEID: CVE-2023-45803
DESCRIPTION: urllib3 could allow a remote authenticated attacker to obtain
sensitive information, caused by a failure to remove the HTTP request body
when following an HTTP redirect response with status 303. By sending a
specially crafted HTTP request, an attacker could exploit this vulnerability to
obtain sensitive information, and use this information to launch further
attacks against the affected system.
CVSS Base score: 4.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
269079 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2023-5388
DESCRIPTION: Red Hat Enterprise Linux could allow a remote authenticated
attacker to obtain sensitive information, caused by an observable timing
discrepancy in the numerical library used in NSS for RSA cryptography. An
attacker could exploit this vulnerability to obtain sensitive information and
use this information to conduct Bleichenbacher or Manger attacks against the
affected system.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
279130 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2023-6135
DESCRIPTION: Mozilla Network Security Services (NSS) NIST curves, as used in
Mozilla Firefox, could allow a remote attacker to obtain sensitive information,
caused by a side-channel attack known as "Minerva". By persuading a victim to
visit a specially crafted Web site, a remote attacker could exploit this
vulnerability to recover private keys.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
275393 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

CVEID: CVE-2011-4969
DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper
validation of user-supplied input when handling the "location.hash" property. A
remote attacker could exploit this vulnerability to inject malicious script
into a Web page which would be executed in a victim's Web browser within the
security context of the hosting Web site, once the page is viewed. An attacker
could use this vulnerability to steal the victim's cookie-based authentication
credentials.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
82875 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVEID: CVE-2020-7656
DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper
validation of user-supplied input by the load method. A remote attacker could
exploit this vulnerability to inject malicious script into a Web page which
would be executed in a victim's Web browser within the security context of the
hosting Web site, once the page is viewed. An attacker could use this
vulnerability to steal the victim's cookie-based authentication credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
182264 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2015-9251
DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper
validation of user-supplied input. A remote attacker could exploit this
vulnerability using a specially-crafted URL to execute script in a victim's Web
browser within the security context of the hosting Web site, once the URL is
clicked. An attacker could use this vulnerability to steal the victim's
cookie-based authentication credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
138029 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2012-6708
DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper
validation of user-supplied input by the jQuery(strInput) function. A remote
attacker could exploit this vulnerability to inject malicious script into a
Web page which would be executed in a victim's Web browser within the security
context of the hosting Web site, once the page is viewed. An attacker could use
this vulnerability to steal the victim's cookie-based authentication
credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
138055 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2019-13224
DESCRIPTION: oniguruma is vulnerable to a denial of service, caused by a
use-after-free in onig_new_deluxe() in regext.c. By persuading a victim to
compile a specially crafted file and execute its object code, a remote attacker
could exploit this vulnerability to achieve information disclosure, denial of
service, or possibly code execution.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
166875 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-16163
DESCRIPTION: oniguruma is vulnerable to a denial of service, caused by stack
exhaustion in regcomp.c due to recursion in regparse.c. By persuading a victim
to compile a specially crafted file and execute its object code, a remote
attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
166736 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-19012
DESCRIPTION: Oniguruma is vulnerable to a denial of service, caused by an
integer overflow in the search_in_range function in regexec.c. By using a
specially crafted regular expression, a local attacker could exploit this
vulnerability to cause the application to crash or obtain sensitive
information.
CVSS Base score: 5.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
172008 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)

CVEID: CVE-2019-19203
DESCRIPTION: Oniguruma is vulnerable to a heap-based buffer overflow, caused by
improper bounds checking by the function gb18030_mbc_enc_len in file gb18030.c.
By using a specially-crafted input, a local attacker could overflow a buffer
and execute arbitrary code on the system or cause the application to crash.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
172170 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2019-19204
DESCRIPTION: Oniguruma is vulnerable to a heap-based buffer overflow, caused by
improper bounds checking by the function fetch_interval_quantifier in
regparse.c. By using a specially-crafted input, a local attacker could overflow
a buffer and execute arbitrary code on the system or cause the application to
crash.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
172169 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2023-26604
DESCRIPTION: systemd could allow a local authenticated attacker to gain
elevated privileges on the system, caused by the failure to set LESSSECURE to 1
in the configurations. By sending a specially crafted request, an attacker
could exploit this vulnerability to gain root privileges on the system.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
249251 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H)

CVEID: CVE-2023-20569
DESCRIPTION: Multiple AMD CPUs could allow a local authenticated attacker to
obtain sensitive information, caused by a side channel vulnerability. By
sending a specially crafted request to influence the return address prediction,
an attacker could exploit this vulnerability to obtain sensitive information,
and use this information to launch further attacks against the affected system.
CVSS Base score: 4.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
262744 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2022-46329
DESCRIPTION: Intel PROSet/Wireless WiFi and Killer WiFi products could allow a
local authenticated attacker to gain elevated privileges on the system, caused
by protection mechanism failure. By sending a specially crafted request, an
attacker could exploit this vulnerability to escalate privileges.
CVSS Base score: 8.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
262756 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)

CVEID: CVE-2021-41043
DESCRIPTION: Tcpdump tcpslice is vulnerable to a denial of service, caused by a
use-after-free flaw. By persuading a victim to open a specially-crafted file, a
remote attacker could exploit this vulnerability to cause a segmentation fault,
resulting in a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
216706 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID: CVE-2023-34968
DESCRIPTION: Samba could allow a remote attacker to obtain sensitive
information, caused by a flaw in the Spotlight protocol. By sending a specially
crafted RPC request, an attacker could exploit this vulnerability to obtain the
real server-side share path information, and use this information to launch
further attacks against the affected system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
261222 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2023-34966
DESCRIPTION: Samba is vulnerable to a denial of service, caused by improper
input validation by the sl_unpack_loop() function. By sending specially crafted
Spotlight mdssvc RPC packets, a remote attacker could exploit this
vulnerability to consume available CPU resources, resulting in a denial of
service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
261220 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2022-2127
DESCRIPTION: Samba is vulnerable to a denial of service, caused by an
out-of-bounds read flaw in winbind AUTH_CRAP. By sending a specially crafted
request, a remote attacker could exploit this vulnerability to cause the
application to crash.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
261923 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2023-28486
DESCRIPTION: Sudo Project Sudo could allow a remote attacker to obtain
sensitive information, caused by improper escaping of terminal control
characters during logging operations. By sending specially crafted terminal
control commands, an attacker could exploit this vulnerability to obtain
restricted information, and use this information to launch further attacks
against the affected system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
250349 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2023-28487
DESCRIPTION: Sudo Project Sudo could allow a remote attacker to obtain
sensitive information, caused by improper escaping of terminal control
characters by the "sudoreplay -l" command. By sending specially crafted
terminal control commands, an attacker could exploit this vulnerability to
obtain restricted information, and use this information to launch further
attacks against the affected system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
250350 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2023-42465
DESCRIPTION: Sudo Project Sudo could allow a remote attacker to bypass security
restrictions, caused by a fault injection flaw in the stack/register variables.
By sending a specially crafted request, an attacker could exploit this
vulnerability to bypass access restrictions.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
275681 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

CVEID: CVE-2023-1786
DESCRIPTION: Canonical cloud-init could allow a local authenticated attacker to
obtain sensitive information, caused by the storage of sensitive data in the
log files. By gaining access to the log files, an attacker could exploit this
vulnerability to obtain hashed passwords information, and use this information
to launch further attacks against the affected system.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
253877 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2020-28241
DESCRIPTION: Libmaxminddb is vulnerable to a heap-based buffer overflow, caused
by improper bounds checking in dump_entry_data_list in maxminddb.c. A remote
attacker could overflow a buffer and execute arbitrary code on the system or
cause the application to crash.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
191345 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2023-22081
DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE
component could allow a remote attacker to cause a low availability impact,
with no confidentiality impact and no integrity impact.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
268929 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2023-22067
DESCRIPTION: An unspecified vulnerability in Java SE related to the CORBA
component could allow a remote attacker to cause a low integrity impact, with
no confidentiality impact and no availability impact.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
268928 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2023-5676
DESCRIPTION: Eclipse OpenJ9 is vulnerable to a denial of service, caused by a
flaw when a shutdown signal (SIGTERM, SIGINT or SIGHUP) is received before the
JVM has finished initializing. By sending a specially crafted request, a local
authenticated attacker could exploit this vulnerability to cause an infinite
busy hang on a spinlock or a segmentation fault.
CVSS Base score: 4.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
271615 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2023-27043
DESCRIPTION: Python could allow a remote attacker to bypass security
restrictions, caused by a parsing flaw in the email.utils.parseaddr() and
email.utils.getaddresses() functions. By sending specially-crafted e-mail
addresses containing a special character, an attacker could exploit this
vulnerability to send messages from e-mail addresses that would otherwise be
rejected.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
253191 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2022-48564
DESCRIPTION: Python is vulnerable to a denial of service, caused by a flaw in
the read_ints function in plistlib.py. By persuading a victim to open a
specially crafted Apple Property List file, a remote attacker could exploit
this vulnerability to cause CPU and RAM exhaustion, resulting in a denial of
service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
264546 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID: CVE-2022-48560
DESCRIPTION: Python is vulnerable to a denial of service, caused by a
use-after-free flaw in the heappushpop() function in the heapq module. By
sending a specially crafted request, a local attacker could exploit this
vulnerability to cause a denial of service condition.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
264844 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2023-2828
DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by a flaw
that allows named's configured cache size limit to be significantly exceeded.
By querying the resolver for specific RRsets in a certain order, a remote
attacker could exploit this vulnerability to exhaust all memory on the host.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
258607 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2023-3341
DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by a stack
exhaustion flaw in control channel code. By sending a specially crafted message
over the control channel, a remote attacker could exploit this vulnerability to
cause named to terminate.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
266515 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2022-3094
DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by the
allocation of memory prior to the checking of access permissions (ACLs). By
sending an UPDATE message flood, a remote attacker could exploit this
vulnerability to cause named to exhaust all available memory.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
245430 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2022-45061
DESCRIPTION: Python is vulnerable to a denial of service, caused by an
unnecessary quadratic algorithm in one path when processing some inputs to the
IDNA (RFC 3490) decoder. By sending a specially-crafted input, a remote
attacker could exploit this vulnerability to cause a CPU denial of service
condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
240593 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2024-0553
DESCRIPTION: GnuTLS could allow a remote attacker to obtain sensitive
information. By performing a timing side-channel attack on the RSA-PSK key
exchange, a remote attacker could exploit this vulnerability to obtain
sensitive information.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
279606 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2023-4091
DESCRIPTION: Samba could allow a remote authenticated attacker to bypass
security restrictions, caused by a flaw when using the acl_xattr Samba VFS
module with the smb.conf setting "acl_xattr:ignore system acls = yes". By
sending a specially crafted request, an attacker could exploit this
vulnerability to truncate files to 0 bytes.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
268588 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

+-------------------+---------------+
|Affected Product(s)|Version(s)     |
+-------------------+---------------+
|IBM QRadar SIEM    |7.5 - 7.5.0 UP8|
+-------------------+---------------+

Remediation/Fixes

IBM encourages customers to update their systems promptly.

+---------------+-------+--------------+
|Product        |Version|Fix           |
+---------------+-------+--------------+
|IBM QRadar SIEM|7.5.0  |7.5.0 UP8 IF01|
+---------------+-------+--------------+

Workarounds and Mitigations

None

Acknowledgement

Change History

11 Apr 2024: Initial Publication

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF
ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to
address potential vulnerabilities, IBM periodically updates the record of
components contained in our product offerings. As part of that effort, if IBM
identifies previously unidentified packages in a product/service inventory, we
address relevant vulnerabilities regardless of CVE date. Inclusion of an older
CVEID does not demonstrate that the referenced product has been used by IBM
since that date, nor that IBM was aware of a vulnerability as of that date. We
are making clients aware of relevant vulnerabilities as we become aware of
them. "Affected Products and Versions" referenced in IBM Security Bulletins are
intended to be only products and versions that are supported by IBM and have
not passed their end-of-support or warranty date. Thus, failure to reference
unsupported or extended-support products and versions in this Security Bulletin
does not constitute a determination by IBM that they are unaffected by the
vulnerability. Reference to one or more unsupported versions in this Security
Bulletin shall not create an obligation for IBM to provide fixes for any
unsupported or extended-support products or versions.

- --------------------------END INCLUDED TEXT----------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================