-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.0319
Multiple vulnerabilities in IBM QRadar SIEM
28 January 2021
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           IBM QRadar SIEM
Publisher:         IBM
Operating System:  Linux variants
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Increased Privileges -- Existing Account
                   Overwrite Arbitrary Files -- Remote/Unauthenticated
                   Denial of Service -- Remote/Unauthenticated
                   Cross-site Scripting -- Remote with User Interaction
                   Provide Misleading Information -- Remote/Unauthenticated
                   Access Confidential Data -- Remote/Unauthenticated
                   Unauthorised Access -- Remote/Unauthenticated
                   Reduced Security -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-28928 CVE-2020-11080 CVE-2020-11008
                   CVE-2020-10942 CVE-2020-10754 CVE-2020-10751
                   CVE-2020-10742 CVE-2020-10732 CVE-2020-10690
                   CVE-2020-8492 CVE-2020-8286 CVE-2020-8285
                   CVE-2020-8231 CVE-2020-8177 CVE-2020-8169
                   CVE-2020-7595 CVE-2020-4888 CVE-2020-4789
                   CVE-2020-4787 CVE-2020-4786 CVE-2020-2812
                   CVE-2020-2780 CVE-2020-2752 CVE-2020-2574
                   CVE-2020-1971 CVE-2020-1967 CVE-2020-1934
                   CVE-2020-1927 CVE-2020-0034 CVE-2019-20636
                   CVE-2019-20388 CVE-2019-20386 CVE-2019-20054
                   CVE-2019-19956 CVE-2019-19807 CVE-2019-19767
                   CVE-2019-19537 CVE-2019-19534 CVE-2019-19530
                   CVE-2019-19524 CVE-2019-19447 CVE-2019-19332
                   CVE-2019-19126 CVE-2019-19063 CVE-2019-19062
                   CVE-2019-19046 CVE-2019-17546 CVE-2019-17498
                   CVE-2019-17055 CVE-2019-17053 CVE-2019-16994
                   CVE-2019-16935 CVE-2019-16233 CVE-2019-16231
                   CVE-2019-15917 CVE-2019-15903 CVE-2019-15847
                   CVE-2019-15807 CVE-2019-15217 CVE-2019-14973
                   CVE-2019-14907 CVE-2019-14866 CVE-2019-14822
                   CVE-2019-12450 CVE-2019-11324 CVE-2019-11236
                   CVE-2019-10098 CVE-2019-9458 CVE-2019-9454
                   CVE-2019-5482
                   CVE-2019-5188 CVE-2019-5094 CVE-2019-2974
                   CVE-2018-20843 CVE-2018-20836 CVE-2018-20060
                   CVE-2018-18074 CVE-2018-1303 CVE-2018-1283
                   CVE-2017-18551 CVE-2017-15715

Reference:         ASB-2021.0001
                   ASB-2020.0087
                   ESB-2021.0171
                   ESB-2020.4531
                   ESB-2020.3888

Original Bulletin:
   https://www.ibm.com/support/pages/node/6408848
   https://www.ibm.com/support/pages/node/6408864
   https://www.ibm.com/support/pages/node/6408862
   https://www.ibm.com/support/pages/node/6408866
   https://www.ibm.com/support/pages/node/6408858
   https://www.ibm.com/support/pages/node/6408856
   https://www.ibm.com/support/pages/node/6409306
   https://www.ibm.com/support/pages/node/6409294

Comment: This bulletin contains eight (8) IBM security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Document Information

More support for: IBM QRadar SIEM
Software version: 7.3, 7.4
Operating system(s): Linux
Document number: 6408848
Modified date: 26 January 2021

Summary

The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools.

Vulnerability Details

CVEID: CVE-2019-19126
DESCRIPTION: GNU C Library could allow a local attacker to bypass security restrictions, caused by failing to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution. An attacker could exploit this vulnerability to bypass ASLR for a setuid program.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/172003 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2020-10754
DESCRIPTION: NetworkManager could allow a remote authenticated attacker to bypass security restrictions, caused by improper configuration in the nmcli. By connecting to a network, an attacker could exploit this vulnerability to bypass authentication.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/184636 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2019-19956
DESCRIPTION: libxml2 is vulnerable to a denial of service, caused by a memory leak in xmlParseBalancedChunkMemoryRecover in parser.c. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/173518 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-20388
DESCRIPTION: GNOME libxml2 could allow a remote attacker to obtain sensitive information, caused by an xmlSchemaValidateStream memory leak in xmlSchemaPreRun in xmlschemas.c. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/175539 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)

CVEID: CVE-2020-7595
DESCRIPTION: The Gnome Project Libxml2 is vulnerable to a denial of service, caused by an error in xmlStringLenDecodeEntities in parser.c. An attacker could exploit this vulnerability to cause the application to enter into an infinite loop.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/175333 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-5482
DESCRIPTION: cURL libcurl is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the tftp_receive_packet function. By sending a specially-crafted request containing an OACK without the BLKSIZE option, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base score: 6.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/166942 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2018-20843
DESCRIPTION: libexpat is vulnerable to a denial of service, caused by an error in the XML parser. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to consume all available CPU resources.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/163073 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-15903
DESCRIPTION: libexpat is vulnerable to a denial of service, caused by a heap-based buffer over-read in XML_GetCurrentLineNumber. By using a specially-crafted XML input, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/166560 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-20386
DESCRIPTION: systemd is vulnerable to a denial of service, caused by a memory leak in the button_open function in login/logind-button.c. By executing the udevadm trigger command, a local attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/175507 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-16935
DESCRIPTION: Python is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the python/Lib/DocXMLRPCServer.py.
A remote attacker could exploit this vulnerability using the server_title field to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/168612 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2020-8492
DESCRIPTION: Python is vulnerable to a denial of service, caused by a flaw in the urllib.request.AbstractBasicAuthHandler. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a Regular Expression Denial of Service (ReDoS).
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/175462 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-17498
DESCRIPTION: libssh2 is vulnerable to a denial of service, caused by an out-of-bounds read when connecting to a malicious SSH server that sends a disconnect message. A remote attacker could exploit this vulnerability to cause a denial of service or obtain sensitive information.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169461 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)

CVEID: CVE-2019-2974
DESCRIPTION: An unspecified vulnerability in product related to the Server Oracle MySQL component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169280 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2020-2574
DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Client C API component could allow an unauthenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/174523 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2020-2752
DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Client C API component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/179652 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2020-2780
DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server Server: DML component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/179680 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2020-2812
DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server Server: Stored Procedure component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/179710 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-14907
DESCRIPTION: Samba is vulnerable to a denial of service, caused by an error after a failed character conversion at log level 3 or above. By sending a specially crafted string during the NTLMSSP authentication exchange, an attacker could exploit this vulnerability to cause a long-lived process to terminate.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/174912 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-14866
DESCRIPTION: GNU cpio could allow a local authenticated attacker to gain elevated privileges on the system, caused by the failure to properly validate input files when generating TAR archives. An attacker could exploit this vulnerability to inject any tar content and compromise the system.
CVSS Base score: 6.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/171509 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H)

Affected Products and Versions

IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1
IBM QRadar SIEM 7.4.0 to 7.4.1 Patch 1
IBM QRadar SIEM 7.3.0 to 7.3.3 Patch 5

Remediation/Fixes

QRadar / QRM / QVM 7.4.2 Patch 2
QRadar / QRM / QVM 7.4.1 Patch 2
QRadar / QRM / QVM 7.3.3 Patch 7

QRadar incident forensics please use the SFS below

QRadar Incident Forensics / QNI 7.4.2 Patch 2
QRadar Incident Forensics / QNI 7.4.1 Patch 2
QRadar Incident Forensics / QNI 7.3.3 Patch 7

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product support alerts like this.

References

Complete CVSS v3 Guide
On-line Calculator v3

Related Information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Change History

26 Jan 2021: Initial Publication

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

Document Location

Worldwide

- --------------------------------------------------------------------------------

Security Bulletin: IBM QRadar SIEM is vulnerable to Server Side Request Forgery (SSRF) (CVE-2020-4787)

Document Information

More support for: IBM QRadar SIEM
Software version: 7.3, 7.4
Operating system(s): Linux
Document number: 6408864
Modified date: 26 January 2021

Summary

IBM QRadar SIEM is vulnerable to Server Side Request Forgery

Vulnerability Details

CVEID: CVE-2020-4787
DESCRIPTION: IBM QRadar is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
CVSS Base score: 4.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/189224 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1
IBM QRadar SIEM 7.4.0 to 7.4.1 Patch 1
IBM QRadar SIEM 7.3.0 to 7.3.3 Patch 5

Remediation/Fixes

QRadar / QRM / QVM 7.4.2 Patch 2
QRadar / QRM / QVM 7.4.1 Patch 2
QRadar / QRM / QVM 7.3.3 Patch 7

QRadar incident forensics please use the SFS below

QRadar Incident Forensics / QNI 7.4.2 Patch 2
QRadar Incident Forensics / QNI 7.4.1 Patch 2
QRadar Incident Forensics / QNI 7.3.3 Patch 7

Workarounds and Mitigations

None

Change History

26 Jan 2021: Initial Publication

Document Location

Worldwide

- --------------------------------------------------------------------------------

Security Bulletin: IBM QRadar SIEM is vulnerable to Arbitrary File Read (CVE-2020-4789)

Document Information

More support for: IBM QRadar SIEM
Software version: 7.3, 7.4
Operating system(s): Linux
Document number: 6408862
Modified date: 26 January 2021

Summary

IBM QRadar SIEM is vulnerable to Arbitrary File Read

Vulnerability Details

CVEID: CVE-2020-4789
DESCRIPTION: IBM QRadar could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/189302 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1
IBM QRadar SIEM 7.4.0 to 7.4.1 Patch 1
IBM QRadar SIEM 7.3.0 to 7.3.3 Patch 5

Remediation/Fixes

QRadar / QRM / QVM 7.4.2 Patch 2
QRadar / QRM / QVM 7.4.1 Patch 2
QRadar / QRM / QVM 7.3.3 Patch 7

QRadar incident forensics please use the SFS below

QRadar Incident Forensics / QNI 7.4.2 Patch 2
QRadar Incident Forensics / QNI 7.4.1 Patch 2
QRadar Incident Forensics / QNI 7.3.3 Patch 7

Workarounds and Mitigations

None

Acknowledgement

This vulnerability was reported to IBM by Khoa Pham

Change History

26 Jan 2021: Initial Publication

Document Location

Worldwide

- --------------------------------------------------------------------------------

Security Bulletin: IBM QRadar SIEM is vulnerable to Server Side Request Forgery (SSRF) (CVE-2020-4786)

Document Information

More support for: IBM QRadar SIEM
Software version: 7.3, 7.4
Operating system(s): Linux
Document number: 6408866
Modified date: 26 January 2021

Summary

IBM QRadar SIEM is vulnerable to Server Side Request Forgery

Vulnerability Details

CVEID: CVE-2020-4786
DESCRIPTION: IBM QRadar Network Security is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/189221 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)

Affected Products and Versions

IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1
IBM QRadar SIEM 7.4.0 to 7.4.1 Patch 1
IBM QRadar SIEM 7.3.0 to 7.3.3 Patch 5

Remediation/Fixes

QRadar / QRM / QVM 7.4.2 Patch 2
QRadar / QRM / QVM 7.4.1 Patch 2
QRadar / QRM / QVM 7.3.3 Patch 7

QRadar incident forensics please use the SFS below

QRadar Incident Forensics / QNI 7.4.2 Patch 2
QRadar Incident Forensics / QNI 7.4.1 Patch 2
QRadar Incident Forensics / QNI 7.3.3 Patch 7

Workarounds and Mitigations

None

Change History

26 Jan 2021: Initial Publication

Document Location

Worldwide

- --------------------------------------------------------------------------------

Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Document Information

More support for: IBM QRadar SIEM
Software version: 7.3, 7.4
Operating system(s): Linux
Document number: 6408858
Modified date: 26 January 2021

Summary

The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools.

Vulnerability Details

CVEID: CVE-2019-2974
DESCRIPTION: An unspecified vulnerability in product related to the Server Oracle MySQL component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169280 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2020-2574
DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Client C API component could allow an unauthenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/174523 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2020-2752
DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Client C API component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/179652 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2020-2780
DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server Server: DML component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/179680 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2020-2812
DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server Server: Stored Procedure component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/179710 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-14973
DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by an integer overflow in the _TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/165333 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-17546
DESCRIPTION: libtiff is vulnerable to a heap-based buffer overflow, caused by an integer overflow in the tif_getimage.c. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/168952 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2019-17498
DESCRIPTION: libssh2 is vulnerable to a denial of service, caused by an out-of-bounds read when connecting to a malicious SSH server that sends a disconnect message. A remote attacker could exploit this vulnerability to cause a denial of service or obtain sensitive information.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169461 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)

CVEID: CVE-2017-15715
DESCRIPTION: Apache HTTPD could allow a remote attacker to bypass security restrictions, caused by the <FilesMatch> expression matching '$' to a newline character in a malicious filename instead of the end of the filename. By matching the trailing portion of the filename, an attacker could exploit this vulnerability to bypass security controls that use the <FilesMatch> directive.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/140857 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2018-1283
DESCRIPTION: Apache HTTPD could allow a remote attacker to bypass security restrictions, caused by an error when mod_session is configured with SessionEnv on to forward session data to CGI applications. By using a specially crafted "Session" header, an attacker could exploit this vulnerability to modify mod_session data on the system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/140856 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2018-1303
DESCRIPTION: Apache HTTPD is vulnerable to a denial of service, caused by an out-of-bounds memory read error in mod_cache_socache. By sending a specially crafted HTTP request header, an attacker could exploit this vulnerability to cause the service to crash.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/140854 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-10098
DESCRIPTION: Apache HTTP Server could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in the mod_rewrite module. An attacker could exploit this vulnerability using a specially-crafted URL to redirect a victim to arbitrary Web sites.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/165366 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2020-1927
DESCRIPTION: Apache HTTP Server could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in the mod_rewrite module. An attacker could exploit this vulnerability using a specially-crafted URL to redirect a victim to arbitrary Web sites.
CVSS Base score: 7.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/178936 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N)

CVEID: CVE-2020-1934
DESCRIPTION: Apache HTTP Server could allow a remote attacker to execute arbitrary code on the system, caused by the use of uninitialized value in mod_proxy_ftp. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/178937 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2019-5094
DESCRIPTION: E2fsprogs could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an out-of-bounds write in the quota file functionality.
By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/167547 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)

CVEID: CVE-2019-5188
DESCRIPTION: E2fsprogs could allow a local authenticated attacker to execute arbitrary code on the system, caused by an out-of-bounds write in the directory rehashing function. By using a specially-crafted ext4 directory, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/174075 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)

CVEID: CVE-2020-0034
DESCRIPTION: Google Android could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in the vp8_decode_frame of decodeframe.c. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/177658 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1
IBM QRadar SIEM 7.4.0 to 7.4.1 Patch 1
IBM QRadar SIEM 7.3.0 to 7.3.3 Patch 5

Remediation/Fixes

QRadar / QRM / QVM 7.4.2 Patch 2
QRadar / QRM / QVM 7.4.1 Patch 2
QRadar / QRM / QVM 7.3.3 Patch 7

QRadar incident forensics please use the SFS below

QRadar Incident Forensics / QNI 7.4.2 Patch 2
QRadar Incident Forensics / QNI 7.4.1 Patch 2
QRadar Incident Forensics / QNI 7.3.3 Patch 7

Workarounds and Mitigations

None

Change History

26 Jan 2021: Initial Publication

Document Location

Worldwide

- --------------------------------------------------------------------------------

Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Document Information

More support for: IBM QRadar SIEM
Software version: 7.3, 7.4
Operating system(s): Linux
Document number: 6408856
Modified date: 26 January 2021

Summary

The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools.

Vulnerability Details

CVEID: CVE-2018-18074
DESCRIPTION: The Requests package for Python could allow a remote attacker to obtain sensitive information, caused by sending information in an insecure manner. By sniffing the network, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/151296 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2018-20060
DESCRIPTION: urllib3 could allow a remote attacker to obtain sensitive information, caused by the failure to remove the Authorization HTTP header when following a cross-origin redirect. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain credentials in the Authorization header.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/154226 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2019-11236
DESCRIPTION: Python urllib3 is vulnerable to CRLF injection, caused by improper validation of user-supplied input by the request parameter. By sending a specially-crafted HTTP response containing CRLF character sequences, a remote attacker could exploit this vulnerability to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/159527 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2019-11324
DESCRIPTION: urllib3 could allow a remote attacker to bypass security restrictions, caused by mishandling of certificates. By sending a specially-crafted certificate, an attacker could exploit this vulnerability to allow SSL connections.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/159909 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2019-5094
DESCRIPTION: E2fsprogs could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an out-of-bounds write in the quota file functionality.
By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/167547 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)

CVEID: CVE-2019-5188
DESCRIPTION: E2fsprogs could allow a local authenticated attacker to execute arbitrary code on the system, caused by an out-of-bounds write in the directory rehashing function. By using a specially-crafted ext4 directory, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/174075 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)

CVEID: CVE-2020-11008
DESCRIPTION: Git could allow a remote attacker to obtain sensitive information, caused by a flaw in the external "credential helper" programs. By feeding a specially-crafted URL to git clone, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/180183 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2019-12450
DESCRIPTION: GNOME GLib could allow a remote attacker to bypass security restrictions, caused by improper permission control in the file_copy_fallback in gio/gfile.c. An attacker could exploit this vulnerability to bypass access restrictions.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/161792 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2019-14822
DESCRIPTION: IBus could allow a local authenticated attacker to bypass security restrictions, caused by improper authorization validation. By sending a specially-crafted request, an attacker could exploit this vulnerability to monitor and send method calls to the ibus bus of another user.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/167063 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)

CVEID: CVE-2019-14973
DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by an integer overflow in the _TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/165333 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-17546
DESCRIPTION: libtiff is vulnerable to a heap-based buffer overflow, caused by an integer overflow in the tif_getimage.c. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/168952 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2017-15715
DESCRIPTION: Apache HTTPD could allow a remote attacker to bypass security restrictions, caused by the <FilesMatch> expression matching '$' to a newline character in a malicious filename instead of the end of the filename. By matching the trailing portion of the filename, an attacker could exploit this vulnerability to bypass security controls that use the <FilesMatch> directive.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/140857 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2018-1283
DESCRIPTION: Apache HTTPD could allow a remote attacker to bypass security restrictions, caused by an error when mod_session is configured with SessionEnv on to forward session data to CGI applications. By using a specially crafted "Session" header, an attacker could exploit this vulnerability to modify mod_session data on the system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/140856 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2018-1303
DESCRIPTION: Apache HTTPD is vulnerable to a denial of service, caused by an out-of-bounds memory read error in mod_cache_socache. By sending a specially crafted HTTP request header, an attacker could exploit this vulnerability to cause the service to crash.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/140854 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-10098
DESCRIPTION: Apache HTTP Server could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in the mod_rewrite module. An attacker could exploit this vulnerability using a specially-crafted URL to redirect a victim to arbitrary Web sites.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/165366 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2020-1927
DESCRIPTION: Apache HTTP Server could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in the mod_rewrite module.
An attacker could exploit this vulnerability using a specially-crafted URL to redirect a victim to arbitrary Web sites.
CVSS Base score: 7.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/178936 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N)

CVEID: CVE-2020-1934
DESCRIPTION: Apache HTTP Server could allow a remote attacker to execute arbitrary code on the system, caused by the use of uninitialized value in mod_proxy_ftp. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/178937 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2017-18551
DESCRIPTION: Linux kernel is vulnerable to a buffer overflow, caused by a missing bounds check in drivers/i2c/i2c-core-smbus.c. An attacker could overflow an array and perform unspecified actions.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169650 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2018-20836
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c. A local attacker could exploit this vulnerability to cause the system to crash.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/161631 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-15217
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in the yurex.c driver.
By using a specially-crafted USB device, a physical attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/165538 for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-15807
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a memory leak in sas_expander.c when SAS expander discovery fails. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/166306 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-15917
DESCRIPTION: Linux Kernel could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c. A remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/166477 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2019-16231
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in drivers/net/fjes/fjes_main.c. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/166961 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-16233
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in drivers/scsi/qla2xxx/qla_os.c.
By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/166945 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-16994
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a memory leak in the sit_init_net function in net/ipv6/sit.c. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/168245 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-17053
DESCRIPTION: Linux Kernel could allow a local authenticated attacker to bypass security restrictions, caused by not enforcing CAP_NET_RAW in the ieee802154_create function in net/ieee802154/socket.c in the AF_IEEE802154 network module. By sending a specially-crafted request, an attacker could exploit this vulnerability to create a raw socket.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/168360 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)

CVEID: CVE-2019-17055
DESCRIPTION: Linux Kernel could allow a local authenticated attacker to bypass security restrictions, caused by not enforcing CAP_NET_RAW in the base_sock_create function in drivers/isdn/mISDN/socket.c in the AF_ISDN network module. By sending a specially-crafted request, an attacker could exploit this vulnerability to create a raw socket.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/168362 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)

CVEID: CVE-2019-19046
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c. A remote attacker could exploit this vulnerability to consume all available memory resources.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/171754 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-19062
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a memory leak in the crypto_report() function in crypto/crypto_user_base.c. A remote attacker could exploit this vulnerability to consume all available memory resources.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/171776 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-19063
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by multiple memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c. A remote attacker could exploit this vulnerability to consume all available memory resources.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/171775 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-19332
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an out-of-bounds memory write in KVM hypervisor. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/173143 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-19447
DESCRIPTION: Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the ext4_put_super function in fs/ext4/super.c. By using a specially-crafted image file, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/172760 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2019-19524
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a use-after-free condition in drivers/input/ff-memless.c. By connecting a specially-crafted USB device, an attacker could exploit this vulnerability to cause a kernel panic.
CVSS Base score: 4.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/172521 for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-19530
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a use-after-free condition in drivers/usb/class/cdc-acm.c. By connecting a specially-crafted USB device, an attacker could exploit this vulnerability to cause a kernel panic.
CVSS Base score: 4.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/172527 for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-19534
DESCRIPTION: Linux Kernel could allow a local attacker to obtain sensitive information, caused by missing memory initialization in drivers/net/can/usb/peak_usb/pcan_usb_core.c. By connecting a specially-crafted USB device, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 2.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/172530 for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2019-19537
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a race condition in drivers/usb/core/file.c. By connecting a specially-crafted USB device, an attacker could exploit this vulnerability to cause the system to stop responding.
CVSS Base score: 4.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/172608 for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-19767
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a use-after-free in the __ext4_expand_extra_isize and ext4_xattr_set_entry functions in fs/ext4/inode.c and fs/ext4/super.c. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/173054 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-19807
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a use-after-free in sound/core/timer.c. By sending a specially crafted request, a local attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/173150 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-20054
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c. By sending a specially crafted request, a local attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/173738 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-20636
DESCRIPTION: Linux could allow a local attacker to execute arbitrary code on the system, caused by an out-of-bounds write flaw in the input_set_keycode function. By using a specially-crafted keycode table, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/181202 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2019-9454
DESCRIPTION: Google Android could allow a local authenticated attacker to gain elevated privileges on the system, caused by a memory corruption in the i2c driver. An attacker could exploit this vulnerability to escalate privileges.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/166734 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2019-9458
DESCRIPTION: Google Android could allow a local attacker to gain elevated privileges on the system, caused by a race condition in the video driver. An attacker could exploit this vulnerability to escalate privileges.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/166730 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2020-10690
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a use-after-free in the cdev_put function in the Precision Time Protocol (PTP). By removing a PTP device while chardev is open, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/180182 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2020-10732
DESCRIPTION: Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the implementation of Userspace core dumps. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information or cause a program to crash.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/181554 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2020-10742
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a stack-based buffer overflow during Direct IO write. A local authenticated attacker could exploit this vulnerability using a reach out of the index after one memory allocation by kmalloc to cause the NFS client to crash.
CVSS Base score: 6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/185376 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H)

CVEID: CVE-2020-10751
DESCRIPTION: Linux Kernel could allow a local authenticated attacker to bypass security restrictions, caused by a flaw with improper validation of first netlink message by the SELinux LSM hook implementation. By sending a specially-crafted request, an attacker could exploit this vulnerability to allow or deny the rest of the netlink messages within the skb with the granted permission without further processing.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/182451 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)

CVEID: CVE-2020-10942
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by improper validation of an sk_family field by the get_raw_socket function in drivers/vhost/net.c.
By sending specially-crafted system calls, a local attacker could exploit this vulnerability to cause a kernel stack corruption resulting in a denial of service condition.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/178539 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1
IBM QRadar SIEM 7.4.0 to 7.4.1 Patch 1
IBM QRadar SIEM 7.3.0 to 7.3.3 Patch 5

Remediation/Fixes

QRadar / QRM / QVM 7.4.2 Patch 2
QRadar / QRM / QVM 7.4.1 Patch 2
QRadar / QRM / QVM 7.3.3 Patch 7

QRadar incident forensics please use the SFS below

QRadar Incident Forensics / QNI 7.4.2 Patch 2
QRadar Incident Forensics / QNI 7.4.1 Patch 2
QRadar Incident Forensics / QNI 7.3.3 Patch 7

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product support alerts like this.

References

Complete CVSS v3 Guide
On-line Calculator v3

Related Information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Change History

26 Jan 2021: Initial Publication

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

Document Location

Worldwide

- --------------------------------------------------------------------------------

Security Bulletin: IBM QRadar SIEM is vulnerable to deserialization of untrusted data (CVE-2020-4888)

Document Information

More support for: IBM QRadar SIEM
Software version: 7.3, 7.4
Operating system(s): Linux
Document number: 6409306
Modified date: 27 January 2021

Summary

IBM QRadar SIEM is vulnerable to deserialization of untrusted data

Vulnerability Details

CVEID: CVE-2020-4888
DESCRIPTION: IBM QRadar SIEM could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function. By sending a malicious serialized Java object, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVSS Base score: 6.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/190912 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

IBM QRadar SIEM 7.4.0 to 7.4.2 Patch 1
IBM QRadar SIEM 7.3.0 to 7.3.3 Patch 7

Remediation/Fixes

QRadar / QRM / QVM 7.4.2 Patch 2
QRadar / QRM / QVM 7.3.3 Patch 7 IF 1

QRadar incident forensics please use the SFS below

QRadar Incident Forensics / QNI 7.4.2 Patch 2
QRadar Incident Forensics / QNI 7.3.3 Patch 7 IF 1

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product support alerts like this.

References

Complete CVSS v3 Guide
On-line Calculator v3

Related Information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Acknowledgement

The vulnerability was reported to IBM by testanull

Change History

27 Jan 2021: Initial Publication

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score.
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

Document Location

Worldwide

- --------------------------------------------------------------------------------

Security Bulletin: IBM Security QRadar Analyst Workflow add on to IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Document Information

More support for: IBM QRadar SIEM
Software version: 7.3, 7.4
Operating system(s): Linux
Document number: 6409294
Modified date: 27 January 2021

Summary

The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools.

Vulnerability Details

CVEID: CVE-2020-8169
DESCRIPTION: cURL libcurl could allow a remote attacker to obtain sensitive information, caused by the failure to correctly URL encode the credential data when set using a curl_easy_setopt option. The host name and partial password are leaked in cleartext over DNS on HTTP redirect. An attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/183930 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2020-8177
DESCRIPTION: cURL could allow a remote attacker to overwrite arbitrary files on the system, caused by the improper handling of certain parameters when using -J (--remote-header-name) and -I (--include) in the same command line. An attacker could exploit this vulnerability to overwrite a local file.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/183931 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2020-8231
DESCRIPTION: cURL libcurl could allow a remote attacker to obtain sensitive information, caused by the improper handling of the CURLOPT_CONNECT_ONLY option. The raw data is sent over that connection to the wrong destination. An attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/186954 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2020-8285
DESCRIPTION: cURL libcurl is vulnerable to a denial of service, caused by a stack-based buffer overflow in the wildcard matching function. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/192855 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2020-8286
DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security restrictions, caused by improper OCSP response verification. By sending a specially-crafted request, an attacker could exploit this vulnerability to breach a TLS server.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/192856 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

CVEID: CVE-2020-1967
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference. By passing specially crafted data to the SSL_check_chain() function during or after a TLS 1.3 handshake, a remote attacker could exploit this vulnerability to cause server or client applications to crash.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/180181 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2020-1971
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference. If the GENERAL_NAME_cmp function contains an EDIPARTYNAME, an attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/192748 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-15847
DESCRIPTION: GNU Compiler Collection (GCC) could provide weaker than expected security, caused by a flaw in the POWER9 backend. A remote attacker could exploit this vulnerability to launch further attacks on the system.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/166452 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2020-28928
DESCRIPTION: musl libc is vulnerable to a denial of service, caused by a destination buffer overflow in the wcsnrtombs function. By sending specially-crafted input, a local attacker could exploit this vulnerability to cause the application to enter into an infinite loop.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/192091 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2020-11080
DESCRIPTION: Node.js is vulnerable to a denial of service, caused by an error in the HTTP/2 session frame which is limited to 32 settings by default. By sending overly large HTTP/2 SETTINGS frames, an attacker could exploit this vulnerability to consume all available CPU resources.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/182815 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

+--------------------------------+-----------+
|Affected Product(s)             |Version(s) |
+--------------------------------+-----------+
|IBM Security QRadar Analyst     |1.0.0 -    |
|Workflow                        |1.3.1      |
+--------------------------------+-----------+

Remediation/Fixes

Update to 1.4.0

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product support alerts like this.

References

Complete CVSS v3 Guide
On-line Calculator v3

Off

Related Information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Change History

27 Jan 2021: Initial Publication

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

Document Location

Worldwide

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----