-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3485
        Security Bulletin: IBM QRadar SIEM multiple vulnerabilities
                              8 October 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM QRadar SIEM
Publisher:         IBM
Operating System:  Linux variants
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account            
                   Denial of Service               -- Remote/Unauthenticated      
                   Cross-site Scripting            -- Remote with User Interaction
                   Provide Misleading Information  -- Remote/Unauthenticated      
                   Access Confidential Data        -- Remote/Unauthenticated      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-13935 CVE-2020-13934 CVE-2020-11023
                   CVE-2020-11022 CVE-2020-5408 CVE-2020-5398
                   CVE-2020-4280 CVE-2020-1954 CVE-2020-1945
                   CVE-2020-1941 CVE-2020-0549 CVE-2020-0548
                   CVE-2020-0543 CVE-2019-17573 CVE-2019-17566
                   CVE-2019-13990 CVE-2019-12423 CVE-2019-12419
                   CVE-2019-12406 CVE-2019-10247 CVE-2019-10241
                   CVE-2019-4545 CVE-2019-4378 CVE-2019-0222
                   CVE-2018-15494 CVE-2018-12545 CVE-2018-12536
                   CVE-2018-11775 CVE-2018-8006 CVE-2017-15709
                   CVE-2017-9735 CVE-2017-7658 CVE-2017-7657
                   CVE-2017-7656 CVE-2015-7559 CVE-2010-4710

Reference:         ASB-2020.0132
                   ASB-2020.0072
                   ESB-2020.2775
                   ESB-2020.2694
                   ESB-2020.2619
                   ESB-2018.3913
                   ESB-2018.2543

Original Bulletin: 
   https://www.ibm.com/support/pages/node/6344079
   https://www.ibm.com/support/pages/node/6344075
   https://www.ibm.com/support/pages/node/6344077
   https://www.ibm.com/support/pages/node/6344071

Comment: This bulletin contains four (4) IBM security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

IBM QRadar SIEM is vulnerable to deserialization of untrusted data

Security Bulletin

Summary

IBM QRadar SIEM could allow a remote authenticated attacker to execute arbitrary
commands on the system, caused by insecure deserialization of user-supplied
content by the Java deserialization function.

Vulnerability Details

CVEID: CVE-2020-4280
DESCRIPTION: IBM QRadar could allow a remote authenticated attacker (the CVSS
vector requires low privileges) to execute arbitrary commands on the system,
caused by insecure deserialization of user-supplied content by the Java
deserialization function. By sending a malicious serialized Java object, an
attacker could exploit this vulnerability to execute arbitrary commands on the
system.
CVSS Base score: 6.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
176140 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
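
The vulnerable pattern is readObject() on bytes the caller controls, with
nothing constraining which classes the stream may instantiate. As an added
example (not IBM's code, and not a description of how QRadar's patch works),
this shows the standard JDK defence, an ObjectInputFilter allow-list, rejecting
a stream that names a class outside the list. The allowed class names, the
limits and both payloads are constructed for the demonstration.

```java
import java.io.*;
import java.util.HashMap;
import java.util.Map;

// Added example, not IBM/QRadar code: an ObjectInputFilter allow-list (JDK 9+,
// also 8u121+). The gadget classes an attacker would ship are whatever is on
// the classpath, so the fix is to reject everything not explicitly expected.
public class DeserializationFilterDemo {

    /** Vulnerable: deserialises any class reachable on the classpath. */
    static Object readUnfiltered(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            return in.readObject();
        }
    }

    /** Hardened: only the named classes, a shallow graph, a bounded stream. */
    static Object readFiltered(byte[] data) throws IOException, ClassNotFoundException {
        ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(
                "java.util.HashMap;java.lang.String;java.lang.Integer;"
              + "maxdepth=5;maxrefs=100;maxbytes=4096;!*");   // constructed allow-list
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            in.setObjectInputFilter(filter);
            return in.readObject();
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(o);
        }
        return bos.toByteArray();
    }

    /** Stand-in for an unexpected class: harmless here, but not on the allow-list. */
    static class Unexpected implements Serializable {
        private static final long serialVersionUID = 1L;
        String note = "would be a gadget chain in a real attack";
    }

    public static void main(String[] args) throws Exception {
        Map<String, Integer> expected = new HashMap<>();   // the payload the service actually expects
        expected.put("events", 42);
        byte[] good = serialize(expected);
        byte[] bad = serialize(new Unexpected());

        System.out.println("unfiltered, expected payload: " + readUnfiltered(good));
        System.out.println("unfiltered, unexpected class: " + readUnfiltered(bad).getClass());
        System.out.println("filtered, expected payload:   " + readFiltered(good));
        try {
            readFiltered(bad);
        } catch (InvalidClassException e) {
            System.out.println("filtered, unexpected class:   rejected (" + e.getMessage() + ")");
        }
    }
}
```

The filter is evaluated before any class is loaded or any constructor runs, so
a rejected class never gets a chance to execute; the same pattern string can be
applied process-wide with the jdk.serialFilter system property when the code
performing the deserialization cannot be changed.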

Affected Products and Versions

IBM QRadar SIEM 7.4.0 - 7.4.1 GA

IBM QRadar SIEM 7.3.0 - 7.3.3 Patch 4

Remediation/Fixes

QRadar / QRM / QVM / QRIF / QNI 7.4.1 Patch 1

QRadar / QRM / QVM / QRIF / QNI 7.3.3 Patch 5

Workarounds and Mitigations

None

- -------------------------------------------------------------------------------

IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities

Security Bulletin

Summary

The product includes vulnerable components (e.g., framework libraries) that may
be identified and exploited with automated tools.

Vulnerability Details

CVEID: CVE-2020-13934
DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by not
releasing the HTTP/1.1 processor after the upgrade to HTTP/2 in an h2c direct
connection. By sending specially-crafted requests, a remote attacker could
exploit this vulnerability to cause OutOfMemoryException resulting in a denial
of service.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
185239 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-17566
DESCRIPTION: Apache Batik is vulnerable to server-side request forgery, caused
by improper input validation by the "xlink:href" attributes. By using a
specially-crafted argument, an attacker could exploit this vulnerability to
cause the underlying server to make arbitrary GET requests.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
183402 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

CVEID: CVE-2019-4378
DESCRIPTION: IBM MQ 7.5.0.0 - 7.5.0.9, 7.1.0.0 - 7.1.0.9, 8.0.0.0 - 8.0.0.12,
9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 command server is
vulnerable to a denial of service attack caused by an authenticated and
authorized user using specially crafted PCF messages. IBM X-Force ID: 162084.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
162084 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2020-1945
DESCRIPTION: Apache Ant could allow a remote attacker to bypass security
restrictions, caused by the use of an insecure temporary directory to store
source files. By sending a specially-crafted request, an attacker could exploit
this vulnerability to obtain sensitive information and inject modified source
files into the build process.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
181875 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID: CVE-2020-0543
DESCRIPTION: Multiple Intel processors (and Xen guests running on them) could
allow a local authenticated attacker to obtain sensitive information, caused by
incomplete cleanup after special register read operations (RDRAND, RDSEED and
EGETKEY; the issue known as Special Register Buffer Data Sampling, SRBDS). An
attacker could exploit this vulnerability to infer values those instructions
returned to other processes, including on other cores.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
183116 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)

CVEID: CVE-2020-0548
DESCRIPTION: Multiple Intel Processors could allow a local authenticated
attacker to obtain sensitive information, caused by incomplete cleanup of vector
register contents (Vector Register Sampling, VRS). An attacker could exploit
this vulnerability to obtain sensitive information.
CVSS Base score: 2.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
175117 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N)

CVEID: CVE-2020-0549
DESCRIPTION: Multiple Intel Processors could allow a local authenticated
attacker to obtain sensitive information, caused by cleanup errors in some data
cache evictions (L1D Eviction Sampling, L1DES, also published as CacheOut). An
attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
175118 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)

CVEID: CVE-2010-4710
DESCRIPTION: YUI Library is vulnerable to cross-site scripting, caused by
improper validation of user-supplied input by the addItem method in the Menu
widget. A remote attacker could exploit this vulnerability using a field that
is added to a menu to inject malicious script into a Web page which would be
executed in a victim's Web browser within the security context of the hosting
Web site, once the page is viewed. An attacker could use this vulnerability to
steal the victim's cookie-based authentication credentials.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
65180 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVEID: CVE-2020-5408
DESCRIPTION: VMware Tanzu Spring Security could allow a remote attacker to
obtain sensitive information, caused by the use of a fixed null initialization
vector with CBC Mode. By using dictionary attack techniques, an attacker could
exploit this vulnerability to obtain sensitive information, and use this
information to launch further attacks against the affected system.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
181969 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
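
As an added example, not Spring Security's code, the following shows the
property a fixed all-zero IV gives AES-CBC and why it makes a dictionary attack
on the ciphertext practical: under one key and a constant IV, equal plaintexts
produce equal ciphertexts, and plaintexts sharing a 16-byte prefix produce
ciphertexts sharing their first block, so anyone holding a ciphertext can test
candidate plaintexts by encrypting them. The all-zero key and the sample
credential strings are constructed for the demonstration.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

// Added example, not Spring Security code: fixed zero IV versus a random IV in AES-CBC.
public class CbcIvDemo {

    static final byte[] KEY = new byte[16];      // constructed 128-bit key (zeros, for reproducibility)
    static final byte[] ZERO_IV = new byte[16];  // the CVE-2020-5408 shape: a constant all-zero IV

    static byte[] encrypt(byte[] plaintext, byte[] iv) throws Exception {
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(KEY, "AES"), new IvParameterSpec(iv));
        return c.doFinal(plaintext);
    }

    /** Correct usage: a fresh, unpredictable IV for every message, sent alongside the ciphertext. */
    static byte[] randomIv() {
        byte[] iv = new byte[16];
        new SecureRandom().nextBytes(iv);
        return iv;
    }

    static String hex(byte[] b, int len) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < len; i++) sb.append(String.format("%02x", b[i]));
        return sb.toString();
    }

    static byte[] utf8(String s) { return s.getBytes(StandardCharsets.UTF_8); }

    public static void main(String[] args) throws Exception {
        // Two constructed credentials that share their first 16 bytes ("user=admin;role=").
        byte[] p1 = utf8("user=admin;role=opadmin;pw=hunter2");
        byte[] p2 = utf8("user=admin;role=opadmin;pw=letmein");

        byte[] c1 = encrypt(p1, ZERO_IV), c2 = encrypt(p2, ZERO_IV), c1again = encrypt(p1, ZERO_IV);
        // First CBC block is E(P[0..16) XOR IV): same key, same IV, same prefix gives the same block.
        System.out.println("fixed IV: same plaintext, same ciphertext?   " + Arrays.equals(c1, c1again));
        System.out.println("fixed IV: shared prefix, same first block?   "
                + Arrays.equals(Arrays.copyOf(c1, 16), Arrays.copyOf(c2, 16)));
        System.out.println("  c1[0..16) = " + hex(c1, 16));
        System.out.println("  c2[0..16) = " + hex(c2, 16));

        byte[] r1 = encrypt(p1, randomIv()), r1again = encrypt(p1, randomIv());
        System.out.println("random IV: same plaintext, same ciphertext?  " + Arrays.equals(r1, r1again));

        // Dictionary attack under the fixed IV: encrypt each candidate and compare with the target.
        String[] dictionary = {"user=admin;role=opadmin;pw=password", "user=admin;role=opadmin;pw=hunter2"};
        for (String candidate : dictionary) {
            if (Arrays.equals(encrypt(utf8(candidate), ZERO_IV), c1)) {
                System.out.println("dictionary hit under fixed IV: " + candidate);
            }
        }
    }
}
```

The attack in the last loop needs only the ciphertext and the key-holding
encryption oracle (here the application itself, since the key is fixed too);
with a random IV the same loop finds nothing because no two encryptions of a
candidate agree.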

CVEID: CVE-2019-13990
DESCRIPTION: Terracotta could allow a remote attacker to obtain sensitive
information, caused by improper handling of XML external entity (XXE)
declarations by the initDocumentParser function in xml/
XMLSchedulingDataProcessor.java. By persuading a victim to open
specially-crafted XML content, a remote attacker could exploit this
vulnerability to read arbitrary files.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
165431 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
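
As an added example, not Quartz/Terracotta code, the following compares a JAXP
DocumentBuilder built with the defaults (DOCTYPE and entity expansion allowed,
the shape of CVE-2019-13990) against one configured to refuse the DOCTYPE
entirely. The document is constructed and declares an internal entity so the
demonstration runs offline; in a real XXE the entity would be declared SYSTEM
and point at a local file or a URL, and the parser would fetch it.

```java
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXParseException;
import java.io.StringReader;

// Added example, not Quartz/Terracotta code: default JAXP parser versus a hardened one.
public class XxeDemo {

    // Constructed scheduling document; the entity body stands in for an external file reference.
    static final String XML =
        "<?xml version=\"1.0\"?>\n" +
        "<!DOCTYPE job-scheduling-data [ <!ENTITY leak \"contents-of-/etc/passwd\"> ]>\n" +
        "<job-scheduling-data><schedule>&leak;</schedule></job-scheduling-data>";

    /** Vulnerable: JAXP defaults permit a DOCTYPE, entity expansion and external entity resolution. */
    static DocumentBuilder defaultBuilder() throws Exception {
        return DocumentBuilderFactory.newInstance().newDocumentBuilder();
    }

    /** Hardened: no DOCTYPE at all, plus the individual switches for parsers that ignore the first. */
    static DocumentBuilder hardenedBuilder() throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder();
    }

    static String parseSchedule(DocumentBuilder b) throws Exception {
        Document d = b.parse(new InputSource(new StringReader(XML)));
        return d.getElementsByTagName("schedule").item(0).getTextContent();
    }

    public static void main(String[] args) throws Exception {
        System.out.println("default parser  : schedule = " + parseSchedule(defaultBuilder()));
        try {
            System.out.println("hardened parser : schedule = " + parseSchedule(hardenedBuilder()));
        } catch (SAXParseException e) {
            System.out.println("hardened parser : rejected: " + e.getMessage());
        }
    }
}
```

Refusing the DOCTYPE is the one setting that closes every variant (external
entities, parameter entities, billion-laughs expansion) at once; the remaining
features matter only when a schema or DTD genuinely has to be accepted.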

CVEID: CVE-2020-13935
DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by
improper validation of the payload length in a WebSocket frame. By sending
multiple requests with invalid payload lengths, a remote attacker could exploit
this vulnerability to cause the application to enter into an infinite loop.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
185227 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
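
As an added example, not Tomcat's code, the following is a strict parser for the
WebSocket frame header (RFC 6455 section 5.2). The payload length has three
encodings, and the bug class CVE-2020-13935 belongs to is a reader that accepts
a 64-bit length with its sign bit set, or a non-minimal encoding, and then
loops on the bad count. Every such length is rejected here before any payload
handling starts. The sample frames and the 64 KiB per-frame limit are
constructed for the demonstration.

```java
import java.nio.ByteBuffer;

// Added example, not Tomcat code: strict RFC 6455 frame-header parsing.
public class WsFrameHeader {

    static final long MAX_FRAME = 64L * 1024;   // constructed server-side limit

    static final class Header {
        final boolean fin, masked; final int opcode; final long payloadLength; final int headerLength;
        Header(boolean fin, int opcode, boolean masked, long len, int hdr) {
            this.fin = fin; this.opcode = opcode; this.masked = masked; payloadLength = len; headerLength = hdr;
        }
        public String toString() {
            return String.format("fin=%b opcode=0x%x masked=%b len=%d header=%d bytes",
                    fin, opcode, masked, payloadLength, headerLength);
        }
    }

    static Header parse(byte[] frame) {
        ByteBuffer b = ByteBuffer.wrap(frame);   // big-endian, as the wire format requires
        if (b.remaining() < 2) throw new IllegalArgumentException("truncated header");
        int b0 = b.get() & 0xff, b1 = b.get() & 0xff;
        if ((b0 & 0x70) != 0) throw new IllegalArgumentException("RSV bits set without a negotiated extension");
        int opcode = b0 & 0x0f;
        boolean fin = (b0 & 0x80) != 0, masked = (b1 & 0x80) != 0;
        long len = b1 & 0x7f;
        if (len == 126) {
            if (b.remaining() < 2) throw new IllegalArgumentException("truncated 16-bit length");
            len = b.getShort() & 0xffffL;
            if (len < 126) throw new IllegalArgumentException("non-minimal 16-bit length " + len);
        } else if (len == 127) {
            if (b.remaining() < 8) throw new IllegalArgumentException("truncated 64-bit length");
            len = b.getLong();
            // RFC 6455: the most significant bit MUST be 0. As a signed long that means len >= 0.
            if (len < 0) throw new IllegalArgumentException("64-bit length has its MSB set");
            if (len < 65536) throw new IllegalArgumentException("non-minimal 64-bit length " + len);
        }
        // Control frames (opcode 0x8 and above) must be short and unfragmented.
        if (opcode >= 0x8 && (len > 125 || !fin)) throw new IllegalArgumentException("oversized or fragmented control frame");
        if (len > MAX_FRAME) throw new IllegalArgumentException("payload " + len + " exceeds limit " + MAX_FRAME);
        if (masked) {
            if (b.remaining() < 4) throw new IllegalArgumentException("truncated masking key");
            b.position(b.position() + 4);
        }
        return new Header(fin, opcode, masked, len, b.position());
    }

    public static void main(String[] args) {
        // Constructed frame headers (payload bytes omitted; only the header is parsed).
        byte[][] frames = {
            {(byte) 0x81, 0x05},                                          // text, 5 bytes
            {(byte) 0x82, 0x7e, 0x01, 0x00},                              // binary, 256 bytes
            {(byte) 0x82, 0x7e, 0x00, 0x05},                              // non-minimal: 5 in the 16-bit field
            {(byte) 0x82, 0x7f, (byte) 0x80, 0, 0, 0, 0, 0, 0, 0},       // MSB set: negative length
            {(byte) 0x82, 0x7f, 0, 0, 0, 0, 0, 0x10, 0, 0},               // 1 MiB, above MAX_FRAME
            {(byte) 0x88, 0x7e, 0x01, 0x00},                              // close frame claiming 256 bytes
            {(byte) 0x81, (byte) 0x85, 0x12, 0x34, 0x56, 0x78},           // masked text, 5 bytes
        };
        for (byte[] f : frames) {
            try { System.out.println(parse(f)); }
            catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
        }
    }
}
```

A server-side cap such as MAX_FRAME is what turns a protocol-valid but hostile
length into a bounded allocation; the sign-bit and minimal-encoding checks are
what keep the parser state machine itself from misbehaving.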

CVEID: CVE-2019-10241
DESCRIPTION: Eclipse Jetty is vulnerable to cross-site scripting, caused by
improper validation of user-supplied input by the DefaultServlet and
ResourceHandler. A remote attacker could exploit this vulnerability using a
specially-crafted URL to execute script in a victim's Web browser within the
security context of the hosting Web site, once the URL is clicked. An attacker
could use this vulnerability to steal the victim's cookie-based authentication
credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
160676 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2019-10247
DESCRIPTION: Eclipse Jetty could allow a remote attacker to obtain sensitive
information, caused by a flaw in the DefaultHandler. By sending a
specially-crafted request, a remote attacker could exploit this vulnerability
to obtain sensitive information.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
160610 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2020-11023
DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper
validation of user-supplied input by the option elements. A remote attacker
could exploit this vulnerability to inject malicious script into a Web page
which would be executed in a victim's Web browser within the security context
of the hosting Web site, once the page is viewed. An attacker could use this
vulnerability to steal the victim's cookie-based authentication credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
181350 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2020-11022
DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper
validation of user-supplied input by the jQuery.htmlPrefilter method. A remote
attacker could exploit this vulnerability to inject malicious script into a Web
page which would be executed in a victim's Web browser within the security
context of the hosting Web site, once the page is viewed. An attacker could use
this vulnerability to steal the victim's cookie-based authentication
credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
181349 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2018-15494
DESCRIPTION: Dojo Toolkit is vulnerable to cross-site scripting, caused by
improper validation of user-supplied input by the DataGrid component. A remote
attacker could exploit this vulnerability to inject malicious script into a Web
page which would be executed in a victim's Web browser within the security
context of the hosting Web site, once the page is viewed. An attacker could use
this vulnerability to steal the victim's cookie-based authentication
credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
148556 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2020-5398
DESCRIPTION: Spring Framework could allow a remote attacker to obtain sensitive
information, caused by a flaw when it sets a Content-Disposition header in the
response. By using a reflected file download (RFD) attack, a remote attacker
could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
174711 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Third Party Entry: 180875
DESCRIPTION: jQuery cross-site scripting
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
180875 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

IBM QRadar SIEM 7.4.0 - 7.4.1 GA

IBM QRadar SIEM 7.3.0 - 7.3.3 Patch 4

Remediation/Fixes

QRadar / QRM / QVM / QRIF / QNI 7.4.1 Patch 1

QRadar / QRM / QVM / QRIF / QNI 7.3.3 Patch 5

Workarounds and Mitigations

None

- -------------------------------------------------------------------------------

IBM QRadar SIEM is vulnerable to KDC Spoofing (CVE-2019-4545)

Security Bulletin

Summary

IBM QRadar SIEM when configured to use Active Directory Authentication
may be susceptible to KDC spoofing attacks, in which an attacker on the
adjacent network answers the appliance's Kerberos requests in place of the
real domain controller.

Vulnerability Details

CVEID:   CVE-2019-4545
DESCRIPTION:   IBM QRadar SIEM when configured to use Active Directory 
Authentication may be susceptible to spoofing attacks.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
165877 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

IBM QRadar SIEM 7.4.0 - 7.4.1 GA
IBM QRadar SIEM 7.3.0 - 7.3.3 Patch 4

Remediation/Fixes
QRadar / QRM / QVM / QRIF / QNI 7.4.1 Patch 1
QRadar / QRM / QVM / QRIF / QNI 7.3.3 Patch 5

Workarounds and Mitigations

None

Change History

07 Oct 2020: Initial Publication

- -------------------------------------------------------------------------------

IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities

Security Bulletin

Summary

The product includes vulnerable components (e.g., framework libraries) that may
be identified and exploited with automated tools.

Vulnerability Details

CVEID:   CVE-2018-12545
DESCRIPTION:   Eclipse Jetty is vulnerable to a denial of service, caused by the
additional CPU and memory allocations required to handle changed HTTP/2
settings. By sending either large SETTINGS frames containing many settings, or
many small SETTINGS frames, a remote attacker could exploit this vulnerability
to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
161491 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2017-9735
DESCRIPTION:   Jetty could allow a remote attacker to obtain sensitive
information, caused by a timing channel flaw in util/security/Password.java. By
observing elapsed times before rejection of incorrect passwords, an attacker
could exploit this vulnerability to obtain access information.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
127842 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
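
As an added example, not Jetty's util/security/Password code, the following
shows why a byte-wise comparison that returns at the first mismatch leaks: the
number of bytes it examines equals the length of the guess's correct prefix,
and that count is what an attacker recovers from response time, one byte at a
time. The constant-time version and the JDK's MessageDigest.isEqual visit every
byte regardless of where the mismatch is. The password and the guesses are
constructed; the comparisons counter is instrumentation for the demonstration
only.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

// Added example, not Jetty code: early-exit versus constant-time password comparison.
public class TimingCompare {

    // Instrumentation only: how many bytes the early-exit loop looked at.
    static long comparisons;

    /** Vulnerable: returns at the first mismatching byte, so run time reveals how long the correct prefix is. */
    static boolean earlyExitEquals(byte[] a, byte[] b) {
        comparisons = 0;
        if (a.length != b.length) return false;
        for (int i = 0; i < a.length; i++) {
            comparisons++;
            if (a[i] != b[i]) return false;
        }
        return true;
    }

    /** Hardened: visits every byte of a, folds mismatches with OR, and has no data-dependent branch. */
    static boolean constantTimeEquals(byte[] a, byte[] b) {
        int diff = a.length ^ b.length;                   // the length itself is not secret here
        byte[] other = (a.length == b.length) ? b : a;    // keeps the loop bound independent of b
        for (int i = 0; i < a.length; i++) {
            diff |= a[i] ^ other[i];
        }
        return diff == 0;
    }

    public static void main(String[] args) {
        byte[] secret = "s3cretPassw0rd".getBytes(StandardCharsets.US_ASCII);   // constructed
        String[] guesses = {"a3cretPassw0rd", "s3cretPasswXXX", "s3cretPassw0rd"};
        for (String g : guesses) {
            byte[] gb = g.getBytes(StandardCharsets.US_ASCII);
            boolean vulnerable = earlyExitEquals(secret, gb);
            System.out.printf("guess=%-15s early-exit=%-5b bytes-compared=%2d constant-time=%-5b isEqual=%b%n",
                    g, vulnerable, comparisons, constantTimeEquals(secret, gb), MessageDigest.isEqual(secret, gb));
        }
    }
}
```

The three guesses compare 1, 12 and 14 bytes respectively in the early-exit
loop; over a network the difference is a few nanoseconds per byte, but it is
measurable with enough samples, which is the whole of the attack. Hashing the
password before comparison is the other half of the fix, since then even a
leaked prefix is a prefix of the hash, not of the password.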

CVEID:   CVE-2017-7658
DESCRIPTION:   Eclipse Jetty is vulnerable to HTTP request smuggling, caused by
a flaw when handling more than one Content-Length headers. By sending a 
specially-crafted request, an attacker could exploit this vulnerability to 
poison the web cache, bypass web application firewall protection, and conduct
XSS attacks.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
145522 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID:   CVE-2017-7657
DESCRIPTION:   Eclipse Jetty is vulnerable to HTTP request smuggling, caused by
improper handling of Chunked Transfer-Encoding chunk size. By sending a 
specially-crafted request, an attacker could exploit this vulnerability to 
poison the web cache, bypass web application firewall protection, and conduct 
XSS attacks.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
145521 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID:   CVE-2017-7656
DESCRIPTION:   Eclipse Jetty is vulnerable to HTTP request smuggling, caused by
a flaw in the HTTP/1.x Parser. By sending a specially-crafted request, an
attacker could exploit this vulnerability to poison the web cache, bypass web
application firewall protection, and conduct XSS attacks.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
145520 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
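
The three Jetty entries above are one bug class: a front-end proxy and the
back-end parser disagree about where a request body ends, and the leftover
bytes are read as the start of a second request. As an added example, not
Jetty's code, the following applies the RFC 7230 section 3.3.3 framing rules
strictly (reject conflicting Content-Length values, reject Content-Length
alongside Transfer-Encoding, accept only a minimal hexadecimal chunk-size) to
constructed header sets and chunk-size lines, so the inputs a strict parser
refuses are visible side by side with the ones it accepts.

```java
import java.util.*;

// Added example, not Jetty code: strict body-framing decisions for HTTP/1.1 requests.
public class FramingChecks {

    enum Framing { CONTENT_LENGTH, CHUNKED }

    static final class Decision {
        final Framing framing; final long length; final String reason;
        Decision(Framing framing, long length, String reason) {
            this.framing = framing; this.length = length; this.reason = reason;
        }
        boolean rejected() { return reason != null; }
        public String toString() {
            if (rejected()) return "REJECT: " + reason;
            return framing == Framing.CONTENT_LENGTH ? "CONTENT_LENGTH=" + length : "CHUNKED";
        }
    }

    static Decision reject(String why) { return new Decision(null, -1, why); }

    /** Decide how the body is delimited from the raw header lines; any ambiguity is a rejection. */
    static Decision frame(List<String> headerLines) {
        List<String> contentLengths = new ArrayList<>();
        List<String> transferEncodings = new ArrayList<>();
        for (String line : headerLines) {
            int colon = line.indexOf(':');
            if (colon <= 0) return reject("malformed header line: " + line);
            // Whitespace before the colon makes parsers disagree on the field name; refuse it.
            if (Character.isWhitespace(line.charAt(colon - 1))) return reject("space before colon: " + line);
            String name = line.substring(0, colon).toLowerCase(Locale.ROOT);
            String value = line.substring(colon + 1).trim();
            if (name.equals("content-length")) contentLengths.add(value);
            if (name.equals("transfer-encoding")) transferEncodings.add(value);
        }
        if (!transferEncodings.isEmpty()) {
            // RFC 7230 3.3.3: Transfer-Encoding wins, and a message carrying both is a smuggling signal.
            if (!contentLengths.isEmpty()) return reject("both Transfer-Encoding and Content-Length present");
            String last = transferEncodings.get(transferEncodings.size() - 1).toLowerCase(Locale.ROOT);
            if (!last.endsWith("chunked")) return reject("final transfer-coding is not chunked");
            return new Decision(Framing.CHUNKED, -1, null);
        }
        if (contentLengths.isEmpty()) return new Decision(Framing.CONTENT_LENGTH, 0, null);
        // Duplicate Content-Length is tolerable only when every copy says the same thing.
        if (new HashSet<>(contentLengths).size() != 1) return reject("conflicting Content-Length values " + contentLengths);
        String v = contentLengths.get(0);
        if (!v.matches("[0-9]{1,18}")) return reject("non-numeric Content-Length: " + v);
        return new Decision(Framing.CONTENT_LENGTH, Long.parseLong(v), null);
    }

    /** Parse one chunk-size line strictly: 1..15 hex digits, optional ";ext", nothing else. */
    static long chunkSize(String line) {
        int ext = line.indexOf(';');
        String hex = ext >= 0 ? line.substring(0, ext) : line;
        // No sign, no whitespace, no "0x" prefix, no trailing bytes: lenient parsers differ exactly here.
        if (!hex.matches("[0-9A-Fa-f]{1,15}")) throw new IllegalArgumentException("bad chunk-size: \"" + line + "\"");
        return Long.parseLong(hex, 16);
    }

    public static void main(String[] args) {
        // Constructed header sets: clean requests and classic smuggling probes.
        Map<String, List<String>> cases = new LinkedHashMap<>();
        cases.put("clean", Arrays.asList("Host: siem.example", "Content-Length: 13"));
        cases.put("dup CL, same", Arrays.asList("Content-Length: 13", "Content-Length: 13"));
        cases.put("dup CL, differ", Arrays.asList("Content-Length: 13", "Content-Length: 6"));
        cases.put("CL + TE", Arrays.asList("Content-Length: 6", "Transfer-Encoding: chunked"));
        cases.put("space before colon", Arrays.asList("Content-Length : 6"));
        cases.put("TE gzip,chunked", Arrays.asList("Transfer-Encoding: gzip, chunked"));
        cases.forEach((name, headers) -> System.out.printf("%-20s %s%n", name, frame(headers)));

        for (String s : new String[] {"1a", "1A;name=val", "+1a", "0x1a", " 1a", "1a 1a", "ffffffffffffffffff"}) {
            try { System.out.printf("chunk-size %-22s -> %d%n", "\"" + s + "\"", chunkSize(s)); }
            catch (IllegalArgumentException e) { System.out.printf("chunk-size %-22s -> %s%n", "\"" + s + "\"", e.getMessage()); }
        }
    }
}
```

Rejecting rather than silently repairing is the point: a parser that "fixes"
an ambiguous request by picking one interpretation is still smuggleable
whenever the proxy in front of it picks the other.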

CVEID:   CVE-2019-10241
DESCRIPTION:   Eclipse Jetty is vulnerable to cross-site scripting, caused by
improper validation of user-supplied input by the DefaultServlet and 
ResourceHandler. A remote attacker could exploit this vulnerability using a 
specially-crafted URL to execute script in a victim's Web browser within the 
security context of the hosting Web site, once the URL is clicked. An attacker
could use this vulnerability to steal the victim's cookie-based authentication
credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
160676 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID:   CVE-2019-10247
DESCRIPTION:   Eclipse Jetty could allow a remote attacker to obtain sensitive
information, caused by a flaw in the DefaultHandler. By sending a 
specially-crafted request, a remote attacker could exploit this vulnerability 
to obtain sensitive information.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
160610 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID:   CVE-2018-12536
DESCRIPTION:   Eclipse Jetty could allow a remote attacker to obtain sensitive
information. An attacker could send a specially-crafted URL that causes a
java.nio.file.InvalidPathException, whose message is returned to the client in
the error page and contains the full installation path. An attacker could use
this information to launch further attacks against the affected system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
145523 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID:   CVE-2019-0222
DESCRIPTION:   Apache ActiveMQ is vulnerable to a denial of service, caused by
improper input validation. By sending a specially-crafted MQTT frame, a remote
attacker could exploit this vulnerability to cause a denial of service 
condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
158686 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2020-1941
DESCRIPTION:   Apache ActiveMQ is vulnerable to cross-site scripting, caused by
improper validation of user-supplied input by the admin GUI. A remote attacker
could exploit this vulnerability using a specially-crafted URL to execute script
in a victim's Web browser within the security context of the hosting Web site, 
once the URL is clicked. An attacker could use this vulnerability to steal the
victim's cookie-based authentication credentials.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID:   CVE-2018-8006
DESCRIPTION:   Apache ActiveMQ is vulnerable to cross-site scripting, caused by
improper validation of user-supplied input by the queues.jsp file. A remote 
attacker could exploit this vulnerability using the QueueFilter parameter in a
specially-crafted URL to execute script in a victim's Web browser within the 
security context of the hosting Web site, once the URL is clicked. An attacker
could use this vulnerability to steal the victim's cookie-based authentication
credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
148808 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID:   CVE-2018-11775
DESCRIPTION:   Apache ActiveMQ Client could allow a remote attacker to conduct 
a man-in-the-middle attack, caused by a missing TLS hostname verification. An 
attacker could exploit this vulnerability to launch a man-in-the-middle attack
between a Java application using the ActiveMQ client and the ActiveMQ server.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
149705 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:   CVE-2017-15709
DESCRIPTION:   Apache ActiveMQ could allow a remote attacker to obtain sensitive
information, caused by the storing of certain system details in plaintext when 
using the OpenWire protocol. An attacker could exploit this vulnerability to 
obtain sensitive information.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
139028 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID:   CVE-2015-7559
DESCRIPTION:   Apache ActiveMQ client is vulnerable to a denial of service, 
caused by a remote shutdown command in the ActiveMQConnection class. By sending
a specific command, a remote authenticated attacker could exploit this 
vulnerability to cause the application to stop responding.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
170664 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2019-12423
DESCRIPTION:   Apache CXF could allow a remote attacker to obtain sensitive
information, caused by a flaw in the OpenId Connect JWK Keys service that CXF
ships with. When the service is backed by a JWK keystore file, an attacker
requesting the keys endpoint could obtain the private key material from that
keystore rather than only the public keys, and use it to launch further
attacks against the affected system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
174688 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:   CVE-2019-17573
DESCRIPTION:   Apache CXF is vulnerable to cross-site scripting, caused by 
improper validation of user-supplied input by the services listing page. A 
remote attacker could exploit this vulnerability using a specially-crafted URL
to execute script in a victim's Web browser within the security context of the 
hosting Web site, once the URL is clicked. An attacker could use this 
vulnerability to steal the victim's cookie-based authentication credentials.
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
174689 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID:   CVE-2019-12419
DESCRIPTION:   Apache CXF could allow a remote attacker to bypass security 
restrictions, caused by the failure to validate that the authenticated principal
is equal to that of the supplied clientId parameter in the request by the OpenId
Connect token service. By obtaining the authorization code issued to another 
client, an attacker could exploit this vulnerability to obtain an access token 
for the other client.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
170975 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)
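
As an added example, not Apache CXF's code, the following is the binding check
the description says was missing: at the token endpoint the authenticated
client principal, the client_id parameter and the client the authorization
code was issued to must all agree, and the code must be single-use. The
registered clients, their secrets, the redirect URI and the code value (taken
from the RFC 6749 example) are constructed for the demonstration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;

// Added example, not Apache CXF code: authorization-code exchange with and without client binding.
public class TokenEndpoint {

    /** What the authorization endpoint recorded when it issued the code. */
    static final class IssuedCode {
        final String clientId, subject, redirectUri;
        boolean redeemed;
        IssuedCode(String clientId, String subject, String redirectUri) {
            this.clientId = clientId; this.subject = subject; this.redirectUri = redirectUri;
        }
    }

    // Constructed state: two registered clients and one code issued to "portal" for user "alice".
    static final Map<String, String> CLIENT_SECRETS = new HashMap<>();
    static final Map<String, IssuedCode> CODES = new HashMap<>();
    static {
        CLIENT_SECRETS.put("portal", "portal-secret");
        CLIENT_SECRETS.put("attacker-app", "attacker-secret");
        CODES.put("SplxlOBeZQQYbYS6WxSbIA", new IssuedCode("portal", "alice", "https://portal.example/cb"));
    }

    static boolean authenticate(String clientId, String secret) {
        String expected = CLIENT_SECRETS.get(clientId);
        return expected != null && MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8), secret.getBytes(StandardCharsets.UTF_8));
    }

    /** Vulnerable shape: authenticates the caller, then trusts client_id from the form body. */
    static String exchangeUnchecked(String authClient, String secret, String clientIdParam, String code, String redirectUri) {
        if (!authenticate(authClient, secret)) return "error: invalid_client";
        IssuedCode c = CODES.get(code);
        if (c == null || !c.clientId.equals(clientIdParam) || !c.redirectUri.equals(redirectUri)) return "error: invalid_grant";
        return "access_token for " + c.subject + " issued to " + clientIdParam;
    }

    /** Hardened: the authenticated principal must be the client_id, and the code must be bound to it. */
    static String exchangeChecked(String authClient, String secret, String clientIdParam, String code, String redirectUri) {
        if (!authenticate(authClient, secret)) return "error: invalid_client";
        if (!authClient.equals(clientIdParam)) return "error: invalid_client (client_id differs from authenticated principal)";
        IssuedCode c = CODES.get(code);
        if (c == null || c.redeemed) return "error: invalid_grant";
        if (!c.clientId.equals(authClient) || !c.redirectUri.equals(redirectUri)) return "error: invalid_grant (code not issued to this client)";
        c.redeemed = true;   // single use, RFC 6749 section 4.1.2
        return "access_token for " + c.subject + " issued to " + authClient;
    }

    public static void main(String[] args) {
        String code = "SplxlOBeZQQYbYS6WxSbIA", cb = "https://portal.example/cb";
        // attacker-app authenticates as itself but names "portal" as client_id, using a code stolen from portal.
        System.out.println("unchecked, cross-client: " + exchangeUnchecked("attacker-app", "attacker-secret", "portal", code, cb));
        System.out.println("checked,   cross-client: " + exchangeChecked("attacker-app", "attacker-secret", "portal", code, cb));
        System.out.println("checked,   legitimate:   " + exchangeChecked("portal", "portal-secret", "portal", code, cb));
        System.out.println("checked,   replay:       " + exchangeChecked("portal", "portal-secret", "portal", code, cb));
    }
}
```

The unchecked variant mints a token for alice to whichever client can present
the code, because it compares the code's owner against a caller-supplied
string instead of against the caller's proven identity; the checked variant
ties all three together and burns the code on first use.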

CVEID:   CVE-2020-1954
DESCRIPTION:   Apache CXF is vulnerable to a man-in-the-middle attack, caused 
by a flaw in JMX Integration. An attacker could exploit this vulnerability to 
launch a man-in-the-middle attack and gain access to the communication channel 
between endpoints to obtain sensitive information or further compromise the 
system.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
178938 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:   CVE-2019-12406
DESCRIPTION:   Apache CXF is vulnerable to a denial of service, caused by the 
failure to restrict the number of message attachments present in a given 
message. By sending a specially-crafted message containing an overly large 
number of message attachments, a remote attacker could exploit this 
vulnerability to cause a denial of service condition.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
170974 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

IBM QRadar SIEM 7.4.0 - 7.4.1 GA
IBM QRadar SIEM 7.3.0 - 7.3.3 Patch 4

Remediation/Fixes

QRadar / QRM / QVM / QRIF / QNI 7.4.1 Patch 1
QRadar / QRM / QVM / QRIF / QNI 7.3.3 Patch 5

Workarounds and Mitigations

None

Change History

07 Oct 2020: Initial Publication

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----