ESB-2018.0085 - [Linux] IBM QRadar SIEM: Multiple vulnerabilities 2018-01-08


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.0085
     Multiple vulnerabilities have been identified in IBM QRadar SIEM
                              8 January 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM QRadar SIEM
Publisher:         IBM
Operating System:  Linux variants
Impact/Access:     Access Privileged Data -- Remote/Unauthenticated      
                   Increased Privileges   -- Existing Account            
                   Cross-site Scripting   -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-10116 CVE-2017-10115 CVE-2017-1623
                   CVE-2016-9722  

Reference:         ESB-2017.3154
                   ESB-2017.3141

Original Bulletin: 
   http://www.ibm.com/support/docview.wss?uid=swg22012344
   http://www.ibm.com/support/docview.wss?uid=swg22012293
   http://www.ibm.com/support/docview.wss?uid=swg22012301

Comment: This bulletin contains three (3) IBM security advisories.

--------------------------BEGIN INCLUDED TEXT--------------------

Security Bulletin: IBM QRadar SIEM is vulnerable to cross site scripting.
(CVE-2017-1623)

Document information

More support for: IBM Security QRadar SIEM

Software version: 7.2, 7.3

Operating system(s): Linux

Software edition: All Editions

Reference #: 2012344

Modified date: 05 January 2018

Security Bulletin

Summary

The product allows users to embed arbitrary JavaScript code in the Web UI thus
altering the intended functionality and allowing spoofing attacks.

Vulnerability Details

CVEID: CVE-2017-1623
DESCRIPTION: IBM QRadar is vulnerable to cross-site scripting. This
vulnerability allows users to embed arbitrary JavaScript code in the Web UI
thus altering the intended functionality potentially leading to credentials
disclosure within a trusted session.
CVSS Base Score: 6.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/133121 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

. IBM QRadar 7.3 to 7.3.0 Patch 7

. IBM QRadar 7.2 to 7.2.8 Patch 10

Remediation/Fixes

. IBM QRadar/QRM/QVM/QRIF/QNI 7.3.1 GA

. IBM QRadar/QRM/QVM/QRIF/QNI 7.2.8 Patch 11

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product support
alerts like this.

References

Complete CVSS v3 Guide
On-line Calculator v3


Related information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog


Acknowledgement

IBM X-Force Ethical Hacking Team: Ron Craig, Warren Moynihan, Jonathan
Fitz-Gerald, John Zuccato, Rodney Ryan, Chris Shepherd, Dmitriy Beryoza

Change History

05 January 2018: First Publish

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF
ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY
ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

-------------------------------------------------------------------------------

Security Bulletin: IBM QRadar SIEM is vulnerable to incorrect permission
assignment. (CVE-2016-9722)

Document information

More support for: IBM Security QRadar SIEM

Software version: 7.2, 7.3

Operating system(s): Linux

Software edition: All Editions

Reference #: 2012293

Modified date: 05 January 2018

Security Bulletin

Summary

The software specifies permissions for a security-critical resource in a way
that allows that resource to be read or modified by unintended actors.

Vulnerability Details

CVE-ID: CVE-2016-9722

Description: IBM QRadar specifies permissions for a security-critical resource
in a way that allows that resource to be read or modified by unintended
actors. 
CVSS Base Score: 4.20
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/119737 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

Affected Products and Versions

. IBM QRadar 7.3 to 7.3.0 Patch 6

. IBM QRadar 7.2 to 7.2.8 Patch 10

Remediation/Fixes

. IBM QRadar/QRM/QVM/QRIF/QNI 7.3.1 GA

. IBM QRadar/QRM/QVM/QRIF/QNI 7.3.0 Patch 7

. IBM QRadar SIEM 7.2.8 Patch 11

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product support
alerts like this.

References

Complete CVSS v3 Guide
On-line Calculator v3


Related information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog


Acknowledgement

IBM X-Force Ethical Hacking Team: Ron Craig, Warren Moynihan, Jonathan
Fitz-Gerald, John Zuccato, Rodney Ryan, Chris Shepherd, Dmitriy Beryoza

Change History

05 January 2018: First Publish

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF
ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY
ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

-------------------------------------------------------------------------------

Security Bulletin: IBM Java as used in IBM QRadar SIEM is vulnerable to
sensitive information leakage. (CVE-2017-10115)

Document information

More support for: IBM Security QRadar SIEM

Software version: 7.2, 7.3

Operating system(s): Linux

Software edition: All Editions

Reference #: 2012301

Modified date: 05 January 2018

Security Bulletin

Summary

All applicable CVEs from the Java Quarterly CPU - Jul 2017.

Vulnerability Details

CVE-ID: CVE-2017-10115

Description: An unspecified vulnerability in Oracle Java SE related to the Java
SE, Java SE Embedded, JRockit JCE component could allow an unauthenticated
attacker to obtain sensitive information resulting in a high confidentiality
impact using unknown attack vectors.
CVE-2017-10116

CVSS Base Score: 7.50
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/128876 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products and Versions

. IBM QRadar 7.3 to 7.3.0 Patch 7

. IBM QRadar 7.2 to 7.2.8 Patch 10

Remediation/Fixes

. IBM QRadar/QRM/QVM/QRIF/QNI 7.3.1 GA

. IBM QRadar/QRM/QVM/QRIF/QNI 7.2.8 Patch 11

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product support
alerts like this.

References

Complete CVSS v3 Guide
On-line Calculator v3


Related information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog


Change History

05 January 2018: First Publish

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF
ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY
ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----
