===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2019.4416
Security Bulletin: XStream as used by IBM QRadar SIEM is vulnerable to
OS command injection (CVE-2019-10173)
21 November 2019

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           IBM QRadar
Publisher:         IBM
Operating System:  Linux variants
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-10173 CVE-2013-7285

Reference:         ESB-2019.2734
                   ESB-2015.2574
                   ESB-2014.1319
                   ESB-2014.0477

Original Bulletin:
   https://www.ibm.com/support/pages/node/1109925

--------------------------BEGIN INCLUDED TEXT--------------------

XStream as used by IBM QRadar SIEM is vulnerable to OS command injection
(CVE-2019-10173)

Security Bulletin

Summary

XStream as used by IBM QRadar SIEM is vulnerable to OS command injection

Vulnerability Details

CVEID: CVE-2019-10173
DESCRIPTION: It was found that xstream API version 1.4.10 before 1.4.11
introduced a regression for a previous deserialization flaw. If the security
framework has not been initialized, it may allow a remote attacker to run
arbitrary shell commands when unmarshalling XML or any supported format,
e.g. JSON. (regression of CVE-2013-7285)
CVSS Base score: 9.8
CVSS Temporal Score: See:
https://exchange.xforce.ibmcloud.com/vulnerabilities/164187 for the current
score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions
  * IBM QRadar 7.3.0 to 7.3.2 Patch 4

Remediation/Fixes

IBM QRadar/QRM/QVM/QRIF/QNI 7.3.2 Patch 5

Workarounds and Mitigations

None

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
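
An added example, not part of the IBM or AusCERT bulletin: a Python inventory check that finds XStream copies inside jar/war/ear files, including archives nested in other archives, and flags those in the "1.4.10 before 1.4.11" range given in the vulnerability description above. The Maven metadata path and the `xstream-<version>.jar` file-name fallback are assumptions about how the library is packaged.

```python
import io
import os
import re
import zipfile

# Assumption: XStream jars carry the usual Maven metadata at this path.
POM = "META-INF/maven/com.thoughtworks.xstream/xstream/pom.properties"
ARCHIVES = (".jar", ".war", ".ear")
NAME_RE = re.compile(r"(?:^|[/\\])xstream-(\d[\w.\-]*)\.jar$")


def is_affected(version):
    """True for 1.4.10 and anything before 1.4.11, the range the bulletin gives."""
    parts = tuple(int(n) for n in re.findall(r"\d+", version)[:3])
    return (1, 4, 10) <= parts < (1, 4, 11)


def scan_archive(data, label):
    """Return [(location, version, affected)] per XStream copy, nested archives included."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []
    hits, version = [], None
    with zf:
        names = zf.namelist()
        if POM in names:
            props = zf.read(POM).decode("utf-8", "replace")
            found = re.search(r"^version=(.+)$", props, re.M)
            version = found.group(1).strip() if found else None
        if version is None:  # no metadata: fall back to the file name
            named = NAME_RE.search(label)
            version = named.group(1) if named else None
        if version is not None:
            hits.append((label, version, is_affected(version)))
        for name in names:
            if name.lower().endswith(ARCHIVES):
                hits += scan_archive(zf.read(name), f"{label}!/{name}")
    return hits


def scan_tree(root):
    """Scan every archive under a directory (e.g. an application's lib folder)."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if fname.lower().endswith(ARCHIVES):
                with open(os.path.join(dirpath, fname), "rb") as fh:
                    hits += scan_archive(fh.read(), fh.name)
    return hits
```

A hit with `affected` set to `True` only shows that a 1.4.10 copy of the library is present; the bulletin's fix for QRadar itself is the upgrade to 7.3.2 Patch 5.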