-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.4416
         Security Bulletin: XStream as used by IBM QRadar SIEM is
            vulnerable to os command injection (CVE-2019-10173)
                             21 November 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM QRadar
Publisher:         IBM
Operating System:  Linux variants
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-10173 CVE-2013-7285 

Reference:         ESB-2019.2734
                   ESB-2015.2574
                   ESB-2014.1319
                   ESB-2014.0477

Original Bulletin: 
   https://www.ibm.com/support/pages/node/1109925

- --------------------------BEGIN INCLUDED TEXT--------------------

XStream as used by IBM QRadar SIEM is vulnerable to OS command injection
(CVE-2019-10173)

Security Bulletin

Summary

XStream as used by IBM QRadar SIEM is vulnerable to OS command injection

Vulnerability Details

CVEID: CVE-2019-10173
DESCRIPTION: It was found that the XStream API version 1.4.10 before 1.4.11
introduced a regression for a previous deserialization flaw. If the security
framework has not been initialized, it may allow a remote attacker to run
arbitrary shell commands when unmarshalling XML or any other supported format,
e.g. JSON (regression of CVE-2013-7285).
CVSS Base score: 9.8
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/164187
for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
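
The description turns on whether XStream's security framework has been
initialized. The following is an added example, not code from IBM, AusCERT or
the XStream project: it shows an explicit deny-by-default allowlist in an
application that embeds XStream directly. The LogSourceConfig class, the
"logSource" alias and both XML strings are constructed for illustration.

```java
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.XStreamException;
import com.thoughtworks.xstream.io.xml.StaxDriver;
import com.thoughtworks.xstream.security.NoTypePermission;
import com.thoughtworks.xstream.security.NullPermission;
import com.thoughtworks.xstream.security.PrimitiveTypePermission;

public class XStreamAllowlistExample {

    // Hypothetical DTO: the only application type this parser should build.
    public static class LogSourceConfig {
        String name;
        int port;
    }

    static XStream hardenedXStream() {
        XStream xstream = new XStream(new StaxDriver());
        // Initialise the security framework explicitly: deny every type first...
        xstream.addPermission(NoTypePermission.NONE);
        // ...then allow null, primitives and their wrappers, String and the DTO.
        xstream.addPermission(NullPermission.NULL);
        xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
        xstream.allowTypes(new Class[] { String.class, LogSourceConfig.class });
        xstream.alias("logSource", LogSourceConfig.class);
        return xstream;
    }

    public static void main(String[] args) {
        XStream xstream = hardenedXStream();

        // Constructed sample input: the document shape the application expects.
        String expected = "<logSource><name>fw01</name><port>514</port></logSource>";
        LogSourceConfig cfg = (LogSourceConfig) xstream.fromXML(expected);
        System.out.println("accepted: " + cfg.name + ":" + cfg.port);

        // Constructed sample input: a root element naming a type that is not
        // on the allowlist. The security framework refuses to resolve it.
        String unexpected = "<java.util.Date/>";
        try {
            xstream.fromXML(unexpected);
            System.out.println("type outside the allowlist was deserialized");
        } catch (XStreamException e) {
            System.out.println("rejected: " + e.getClass().getSimpleName());
        }
    }
}
```

This applies to code that calls XStream itself; for QRadar the fix is the patch
listed under Remediation/Fixes.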

Affected Products and Versions

* IBM QRadar 7.3.0 to 7.3.2 Patch 4

Remediation/Fixes

IBM QRadar/QRM/QVM/QRIF/QNI 7.3.2 Patch 5

Workarounds and Mitigations

None

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----