-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.1519
                    IBM QRadar SIEM security advisories
                                5 May 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM QRadar SIEM
Publisher:         IBM
Operating System:  Linux variants
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated      
                   Access Privileged Data          -- Existing Account            
                   Denial of Service               -- Remote/Unauthenticated      
                   Cross-site Scripting            -- Remote with User Interaction
                   Access Confidential Data        -- Remote/Unauthenticated      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-20401 CVE-2021-20397 CVE-2020-15250
                   CVE-2020-13943 CVE-2020-11023 CVE-2020-11022
                   CVE-2020-5013 CVE-2020-4993 CVE-2020-4979
                   CVE-2020-4932 CVE-2020-4929 CVE-2020-4883
                   CVE-2019-17195 CVE-2017-18640 CVE-2015-9251
                   CVE-2015-5237 CVE-2012-6708 CVE-2011-4969

Reference:         ASB-2021.0094
                   ASB-2021.0091
                   ESB-2021.0923
                   ESB-2021.0909
                   ESB-2021.0845
                   ESB-2021.0824

Original Bulletin: 
   https://www.ibm.com/support/pages/node/6449662
   https://www.ibm.com/support/pages/node/6449682
   https://www.ibm.com/support/pages/node/6449674
   https://www.ibm.com/support/pages/node/6449688
   https://www.ibm.com/support/pages/node/6449678
   https://www.ibm.com/support/pages/node/6449668
   https://www.ibm.com/support/pages/node/6449672
   https://www.ibm.com/support/pages/node/6449664
   https://www.ibm.com/support/pages/node/6449690

Comment: This bulletin contains nine (9) IBM security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

Security Bulletin: Apache Tomcat as used by IBM QRadar SIEM is vulnerable to
information disclosure (CVE-2020-13943)

Security Bulletin

Document Information
Product: IBM QRadar SIEM
Software version: 7.3, 7.4
Operating system(s): Linux
Document number: 6449662

Modified date:
04 May 2021

Summary

Apache Tomcat as used by IBM QRadar SIEM is vulnerable to information
disclosure

Vulnerability Details

CVEID:   CVE-2020-13943
DESCRIPTION:   Apache Tomcat could allow a remote attacker to obtain sensitive
information, caused by a flaw when an HTTP/2 client exceeds the agreed maximum
number of concurrent streams for a connection. By sending a specially-crafted
HTTP request, an attacker could exploit this vulnerability to see the responses
for unexpected resources, and use this information to launch further attacks
against the affected system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/189643 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

IBM QRadar 7.3.0 to 7.3.3 Patch 7

IBM QRadar 7.4.0 to 7.4.2 Patch 2


Remediation/Fixes

QRadar / QRM / QVM / QRIF / QNI 7.3.3 Patch 8
QRadar / QRM / QVM / QRIF / QNI 7.4.2 Patch 3

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product support
alerts like this.

References

Complete CVSS v3 Guide
On-line Calculator v3

Related Information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Acknowledgement

Change History

4 May 2021: Initial Publication

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF
ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

- --------------------------------------------------------------------------------

Security Bulletin: IBM QRadar SIEM contains hard-coded credentials
(CVE-2021-20401, CVE-2020-4932)

Security Bulletin
Document Information
Product: IBM QRadar SIEM
Software version: 7.3, 7.4
Operating system(s): Linux
Document number: 6449682
Modified date: 04 May 2021

Summary

IBM QRadar SIEM contains hard-coded credentials

Vulnerability Details

CVEID:   CVE-2020-4932
DESCRIPTION:   IBM QRadar contains hard-coded credentials, such as a password
or cryptographic key, which it uses for its own inbound authentication,
outbound communication to external components, or encryption of internal data.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/191748 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:   CVE-2021-20401
DESCRIPTION:   IBM QRadar contains hard-coded credentials, such as a password
or cryptographic key, which it uses for its own inbound authentication,
outbound communication to external components, or encryption of internal data.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/196075 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)

Affected Products and Versions

IBM QRadar 7.3.0 to 7.3.3 Patch 7

IBM QRadar 7.4.0 to 7.4.2 Patch 2



Remediation/Fixes

QRadar / QRM / QVM / QRIF / QNI 7.3.3 Patch 8
QRadar / QRM / QVM / QRIF / QNI 7.4.2 Patch 3

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product support
alerts like this.

References

Complete CVSS v3 Guide
On-line Calculator v3

Related Information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Acknowledgement

John Zuccato, Rodney Ryan, Chris Shepherd, Nathan Roane, Vince Dragnea, Troy
Fisher, Elaheh Samani, and Gabor Minyo from the IBM X-Force Ethical Hacking
Team.

Change History

04 May 2021: Initial Publication

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF
ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

- --------------------------------------------------------------------------------

Security Bulletin: IBM QRadar SIEM is vulnerable to Cross Site Scripting (XSS)
(CVE-2020-4929)

Security Bulletin
Document Information
Product: IBM QRadar SIEM
Software version: 7.3, 7.4
Operating system(s): Linux
Document number: 6449674
Modified date: 04 May 2021

Summary

IBM QRadar SIEM is vulnerable to Cross Site Scripting

Vulnerability Details

CVEID:   CVE-2020-4929
DESCRIPTION:   IBM QRadar SIEM is vulnerable to cross-site scripting. This
vulnerability allows users to embed arbitrary JavaScript code in the Web UI
thus altering the intended functionality potentially leading to credentials
disclosure within a trusted session.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/191706 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

IBM QRadar 7.3.0 to 7.3.3 Patch 7

IBM QRadar 7.4.0 to 7.4.2 Patch 2


Remediation/Fixes

QRadar / QRM / QVM / QRIF / QNI 7.3.3 Patch 8
QRadar / QRM / QVM / QRIF / QNI 7.4.2 Patch 3

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product support
alerts like this.

References

Complete CVSS v3 Guide
On-line Calculator v3

Related Information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Acknowledgement

Change History

29 Apr 2021: Initial Publication

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF
ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

- --------------------------------------------------------------------------------

Security Bulletin: IBM QRadar SIEM is vulnerable to Cross Site Scripting (XSS)
(CVE-2021-20397)

Security Bulletin

Document Information
Product: IBM QRadar SIEM
Software version: 7.3, 7.4
Operating system(s): Linux
Document number: 6449688
Modified date: 04 May 2021

Summary

IBM QRadar SIEM is vulnerable to Cross Site Scripting

Vulnerability Details

CVEID:   CVE-2021-20397
DESCRIPTION:   IBM QRadar is vulnerable to cross-site scripting. This
vulnerability allows users to embed arbitrary JavaScript code in the Web UI
thus altering the intended functionality potentially leading to credentials
disclosure within a trusted session.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/196017 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

IBM QRadar 7.3.0 to 7.3.3 Patch 7

IBM QRadar 7.4.0 to 7.4.2 Patch 2


Remediation/Fixes

QRadar / QRM / QVM / QRIF / QNI 7.3.3 Patch 8
QRadar / QRM / QVM / QRIF / QNI 7.4.2 Patch 3

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product support
alerts like this.

References

Complete CVSS v3 Guide
On-line Calculator v3

Related Information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Acknowledgement

John Zuccato, Rodney Ryan, Chris Shepherd, Nathan Roane, Vince Dragnea, Troy
Fisher, Elaheh Samani and Gabor Minyo from IBM X-Force Ethical Hacking Team

Change History

29 Apr 2021: Initial Publication

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF
ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

- --------------------------------------------------------------------------------

Security Bulletin: IBM QRadar SIEM is vulnerable to Cross domain information
disclosure (CVE-2020-4883)

Security Bulletin

Document Information
Product: IBM QRadar SIEM
Software version: 7.3, 7.4
Operating system(s): Linux
Document number: 6449678
Modified date: 04 May 2021

Summary

IBM QRadar SIEM is vulnerable to Cross domain information disclosure

Vulnerability Details

CVEID:   CVE-2020-4883
DESCRIPTION:   IBM QRadar SIEM could disclose sensitive information about other
domains which could be used in further attacks against the system.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/190907 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

IBM QRadar 7.3.0 to 7.3.3 Patch 7

IBM QRadar 7.4.0 to 7.4.2 Patch 2



Remediation/Fixes

QRadar / QRM / QVM / QRIF / QNI 7.3.3 Patch 8
QRadar / QRM / QVM / QRIF / QNI 7.4.2 Patch 3

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product support
alerts like this.

References

Complete CVSS v3 Guide
On-line Calculator v3

Related Information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Acknowledgement

Change History

29 Apr 2021: Initial Publication

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF
ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

- --------------------------------------------------------------------------------

Security Bulletin: IBM QRadar SIEM is vulnerable to insecure inter-deployment
communication (CVE-2020-4979)

Security Bulletin

Document Information
Product: IBM QRadar SIEM
Software version: 7.3, 7.4
Operating system(s): Linux
Document number: 6449668
Modified date: 04 May 2021

Summary

IBM QRadar SIEM is vulnerable to insecure inter-deployment communication

Vulnerability Details

CVEID:   CVE-2020-4979
DESCRIPTION:   IBM QRadar SIEM is vulnerable to insecure inter-deployment
communication. An attacker that is able to compromise or spoof traffic between
hosts may be able to execute arbitrary commands.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/192538 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

IBM QRadar 7.3.0 to 7.3.3 Patch 7

IBM QRadar 7.4.0 to 7.4.2 Patch 2


Remediation/Fixes

QRadar / QRM / QVM / QRIF / QNI 7.3.3 Patch 8
QRadar / QRM / QVM / QRIF / QNI 7.4.2 Patch 3

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product support
alerts like this.

References

Complete CVSS v3 Guide
On-line Calculator v3

Related Information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Acknowledgement

Change History

29 Apr 2021: Initial Publication

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF
ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

- -------------------------------------------------------------------------------

Security Bulletin: IBM QRadar SIEM is vulnerable to path traversal
(CVE-2020-4993)

Security Bulletin

Document Information
Product: IBM QRadar SIEM
Software version: 7.3, 7.4
Operating system(s): Linux
Document number: 6449672
Modified date: 04 May 2021

Summary

IBM QRadar SIEM is vulnerable to a path traversal attack.

Vulnerability Details

CVEID:   CVE-2020-4993
DESCRIPTION:   IBM QRadar SIEM, when decompressing or verifying the signature of
zip files, processes data in a way that may be vulnerable to path traversal
attacks.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/192905 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N)
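The check a decompressor or signature verifier needs before it trusts zip entry names, as an added example in Python that is not part of the IBM bulletin and says nothing about how QRadar itself processes archives: every member name is resolved against the destination directory, and the whole extraction is refused if any single entry would land outside it. The function names (safe_member_path, is_entry_safe, extract_zip_safely, build_sample_archive, demo) are this example's own, and the archive contents are constructed in memory for the demonstration. Python's own ZipFile.extractall already strips ".." components; the explicit check matters for code that opens entries by name and writes them itself, which is what this example does.

```python
import io
import os
import tempfile
import zipfile


class UnsafeArchiveEntry(ValueError):
    """Raised when a zip entry would be written outside the destination directory."""


def safe_member_path(dest_dir: str, member_name: str) -> str:
    """Resolve a zip member name under dest_dir and refuse anything that escapes it.

    Absolute names, '..' components and names that merely share a prefix with the
    destination (dest_dir + 'x') all fail the commonpath test once realpath() has
    collapsed the path, so the check does not rely on string prefix matching."""
    dest_real = os.path.realpath(dest_dir)
    target = os.path.realpath(os.path.join(dest_real, member_name))
    try:
        inside = os.path.commonpath([dest_real, target]) == dest_real
    except ValueError:  # different drives or mixed absolute/relative on Windows
        inside = False
    if not inside:
        raise UnsafeArchiveEntry(f"entry {member_name!r} escapes {dest_dir!r}")
    return target


def is_entry_safe(dest_dir: str, member_name: str) -> bool:
    """Boolean form of safe_member_path(), convenient for scanning a listing."""
    try:
        safe_member_path(dest_dir, member_name)
        return True
    except UnsafeArchiveEntry:
        return False


def extract_zip_safely(zip_bytes: bytes, dest_dir: str) -> list:
    """Extract an in-memory archive into dest_dir.

    Every entry name is validated before any file is written, so one traversal
    entry aborts the whole operation instead of leaving a partial extraction
    behind. Returns the paths of the regular files written."""
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        targets = [(info, safe_member_path(dest_dir, info.filename))
                   for info in zf.infolist()]
        for info, target in targets:
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(target)
    return written


def build_sample_archive(malicious: bool) -> bytes:
    """Constructed test input: two benign files, plus a traversal entry if requested."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("manifest.txt", "constructed sample\n")
        zf.writestr("data/readme.txt", "nested file\n")
        if malicious:
            zf.writestr("../../escaped.txt", "must never be written\n")
    return buf.getvalue()


def demo() -> tuple:
    """Run both archives through the extractor inside a throwaway directory.

    Returns (files written from the benign archive, whether the hostile archive
    was rejected, whether its destination directory was created at all)."""
    with tempfile.TemporaryDirectory() as tmp:
        written = extract_zip_safely(build_sample_archive(False),
                                     os.path.join(tmp, "benign"))
        hostile_dir = os.path.join(tmp, "hostile")
        try:
            extract_zip_safely(build_sample_archive(True), hostile_dir)
            rejected = False
        except UnsafeArchiveEntry:
            rejected = True
        return len(written), rejected, os.path.isdir(hostile_dir)


if __name__ == "__main__":
    print(demo())  # expected: (2, True, False)
```

Validating the complete listing before the first write is the design point: a verifier that checks signatures entry by entry while extracting can be tricked into writing the early entries before it reaches the hostile one, whereas here nothing touches the filesystem until every name has passed.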

Affected Products and Versions

IBM QRadar 7.3.0 to 7.3.3 Patch 7

IBM QRadar 7.4.0 to 7.4.2 Patch 2


Remediation/Fixes

QRadar / QRM / QVM / QRIF / QNI 7.3.3 Patch 8
QRadar / QRM / QVM / QRIF / QNI 7.4.2 Patch 3

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product support
alerts like this.

References

Complete CVSS v3 Guide
On-line Calculator v3

Related Information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Acknowledgement

Change History

29 Apr 2021: Initial Publication

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF
ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

- --------------------------------------------------------------------------------

Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known
vulnerabilities

Security Bulletin

Document Information
Product: IBM QRadar SIEM
Software version: 7.3, 7.4
Operating system(s): Linux
Document number: 6449664
Modified date: 04 May 2021

Summary

The product includes vulnerable components (e.g., framework libraries) that may
be identified and exploited with automated tools.

Vulnerability Details

CVEID:   CVE-2015-5237
DESCRIPTION:   Google Protocol Buffers could allow a remote attacker to execute
arbitrary code on the system, caused by an integer overflow in
MessageLite::SerializeToString. A remote attacker could exploit this
vulnerability to execute arbitrary code on the vulnerable system or cause a
denial of service.
CVSS Base score: 6.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/105989 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)

CVEID:   CVE-2019-17195
DESCRIPTION:   Connect2id Nimbus JOSE+JWT is vulnerable to a denial of
service, caused by the throwing of various uncaught exceptions while parsing a
JWT. An attacker could exploit this vulnerability to crash the application or
obtain sensitive information.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169514 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)

CVEID:   CVE-2012-6708
DESCRIPTION:   jQuery is vulnerable to cross-site scripting, caused by improper
validation of user-supplied input by the jQuery(strInput) function. A remote
attacker could exploit this vulnerability to inject malicious script into a
Web page which would be executed in a victim's Web browser within the security
context of the hosting Web site, once the page is viewed. An attacker could use
this vulnerability to steal the victim's cookie-based authentication
credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/138055 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID:   CVE-2015-9251
DESCRIPTION:   jQuery is vulnerable to cross-site scripting, caused by improper
validation of user-supplied input. A remote attacker could exploit this
vulnerability using a specially-crafted URL to execute script in a victim's
Web browser within the security context of the hosting Web site, once the URL
is clicked. An attacker could use this vulnerability to steal the victim's
cookie-based authentication credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/138029 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID:   CVE-2020-11022
DESCRIPTION:   jQuery is vulnerable to cross-site scripting, caused by improper
validation of user-supplied input by the jQuery.htmlPrefilter method. A remote
attacker could exploit this vulnerability to inject malicious script into a Web
page which would be executed in a victim's Web browser within the security
context of the hosting Web site, once the page is viewed. An attacker could use
this vulnerability to steal the victim's cookie-based authentication
credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/181349 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID:   CVE-2020-11023
DESCRIPTION:   jQuery is vulnerable to cross-site scripting, caused by improper
validation of user-supplied input by the option elements. A remote attacker
could exploit this vulnerability to inject malicious script into a Web page
which would be executed in a victim's Web browser within the security
context of the hosting Web site, once the page is viewed. An attacker could use
this vulnerability to steal the victim's cookie-based authentication
credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/181350 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID:   CVE-2011-4969
DESCRIPTION:   jQuery is vulnerable to cross-site scripting, caused by improper
validation of user-supplied input when handling the "location.hash"
property. A remote attacker could exploit this vulnerability to inject
malicious script into a Web page which would be executed in a victim's Web
browser within the security context of the hosting Web site, once the page is
viewed. An attacker could use this vulnerability to steal the victim's
cookie-based authentication credentials.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/82875 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVEID:   CVE-2017-18640
DESCRIPTION:   SnakeYAML is vulnerable to a denial of service, caused by entity
expansion in the Alias feature during a load operation. By sending a specially
crafted request, a remote attacker could exploit this vulnerability to cause
the application to crash.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/174331 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2020-15250
DESCRIPTION:   JUnit4 could allow a local attacker to obtain sensitive
information, caused by a flaw in test rule TemporaryFolder. By sending a
specially crafted request, an attacker could exploit this vulnerability to
obtain sensitive information.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/189677 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

IBM QRadar 7.3.0 to 7.3.3 Patch 7

IBM QRadar 7.4.0 to 7.4.2 Patch 2


Remediation/Fixes

QRadar / QRM / QVM / QRIF / QNI 7.3.3 Patch 8
QRadar / QRM / QVM / QRIF / QNI 7.4.2 Patch 3

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product support
alerts like this.

References

Complete CVSS v3 Guide
On-line Calculator v3

Related Information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Acknowledgement

Change History

29 Apr 2021: Initial Publication

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF
ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

- --------------------------------------------------------------------------------

Security Bulletin: IBM QRadar SIEM may be vulnerable to an XML External Entity
Injection attack (XXE) (CVE-2020-5013)

Security Bulletin

Document Information
Product: IBM QRadar SIEM
Software version: 7.3, 7.4
Operating system(s): Linux
Document number: 6449690
Modified date: 04 May 2021

Summary

IBM QRadar SIEM may be vulnerable to an XML External Entity Injection attack

Vulnerability Details

CVEID:   CVE-2020-5013
DESCRIPTION:   IBM QRadar SIEM may be vulnerable to an XML External Entity
Injection (XXE) attack when processing XML data. A remote attacker could
exploit this vulnerability to expose sensitive information or consume memory
resources.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/193245 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L)
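A parser configuration that removes what an XXE payload depends on, as an added example using Python's stdlib expat binding; it is not part of the IBM bulletin and makes no claim about how QRadar parses XML. External parameter entities are never loaded, any entity declaration aborts the parse (external declarations are what disclose local files or make outbound requests, internal ones are what drive the entity-expansion memory exhaustion the bulletin mentions), and an external reference that still reaches the parser is refused. The names parse_xml_safely, classify and UnsafeXML are this example's own; the three sample documents are constructed, and the file:///placeholder/... URI is a placeholder rather than a real path.

```python
import xml.parsers.expat as expat


class UnsafeXML(ValueError):
    """Raised when a document declares entities, references external ones, or is malformed."""


def parse_xml_safely(data: bytes) -> list:
    """Parse XML with the stdlib expat parser while refusing every construct
    an XXE payload depends on.

    - external parameter entities (an external DTD) are never loaded;
    - any <!ENTITY> declaration aborts the parse: external ones disclose
      files or URLs, internal ones drive entity-expansion memory exhaustion;
    - an external entity reference that still reaches the parser is refused.

    Returns a flat list of (element name, attributes, text) tuples."""
    parser = expat.ParserCreate()
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def forbid_entity_decl(name, is_parameter_entity, value, base,
                           system_id, public_id, notation_name):
        kind = "external" if system_id or public_id else "internal"
        raise UnsafeXML(f"{kind} entity declaration {name!r} refused")

    def forbid_external_ref(context, base, system_id, public_id):
        raise UnsafeXML(f"external entity reference refused: {system_id!r}")

    # Exceptions raised inside expat handlers propagate out of Parse().
    parser.EntityDeclHandler = forbid_entity_decl
    parser.ExternalEntityRefHandler = forbid_external_ref

    elements, open_stack = [], []

    def start(name, attrs):
        node = [name, dict(attrs), ""]
        elements.append(node)
        open_stack.append(node)

    def end(name):
        open_stack.pop()

    def chars(text):
        # expat may deliver text in several chunks; append to the innermost open element
        if open_stack:
            open_stack[-1][2] += text

    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.CharacterDataHandler = chars

    try:
        parser.Parse(data, True)
    except expat.ExpatError as exc:
        raise UnsafeXML(f"malformed XML: {exc}") from exc
    return [tuple(node) for node in elements]


def classify(data: bytes) -> str:
    """Accept/reject verdict for a document, with the reason when rejected."""
    try:
        parse_xml_safely(data)
        return "accepted"
    except UnsafeXML as exc:
        return f"rejected: {exc}"


# Constructed sample documents (not taken from any real QRadar input).
BENIGN = b"<event><source host='sensor-01'>login ok</source> tail</event>"
# External general entity: the file/URL disclosure shape. The URI is a placeholder.
EXTERNAL_ENTITY = (b'<!DOCTYPE d [<!ENTITY ext SYSTEM "file:///placeholder/not-a-real-path">]>'
                   b"<event>&ext;</event>")
# Nested internal entities: the memory-exhaustion shape.
ENTITY_EXPANSION = (b'<!DOCTYPE d [<!ENTITY a "aaaa"><!ENTITY b "&a;&a;&a;&a;">]>'
                    b"<event>&b;</event>")


if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("external entity", EXTERNAL_ENTITY),
                       ("entity expansion", ENTITY_EXPANSION)):
        print(f"{label:17}: {classify(doc)}")
```

The stricter variant, which many hardening guides and the defusedxml package take, is to refuse any DOCTYPE at all via StartDoctypeDeclHandler; the entity-level handlers above are kept so that the two failure modes in the bulletin, data exposure and memory consumption, are reported separately.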

Affected Products and Versions

IBM QRadar 7.3.0 to 7.3.3 Patch 7

IBM QRadar 7.4.0 to 7.4.2 Patch 2


Remediation/Fixes

QRadar / QRM / QVM / QRIF / QNI 7.3.3 Patch 8
QRadar / QRM / QVM / QRIF / QNI 7.4.2 Patch 3

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product support
alerts like this.

References

Complete CVSS v3 Guide
On-line Calculator v3

Related Information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Acknowledgement

Change History

29 Apr 2021: Initial Publication

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF
ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYJHybONLKJtyKPYoAQgQjA//URI8C/Zop2FyanvbQIpZfd0yRvikWr2T
yKoxQ4BNfGxVMddnSPUfDCcQclqrB1/LS1Wy+ExjK6W42spANk2x4dyPqEjO6W+F
z6iornQ0DqRW+EbIeUPEPJ98IEaz7ZG4uKhYdrZcL+RyvIrMaftLF1jFVLKKWmlx
/Wg0NwBKS7LFla25tUDcUxOzgvs6e/pRDFx8++Otd3kgzIxNBLC5hi0T1ZqaVQmv
DmCh5pagtV56t57RuFYhsypBqCvRNXtcp3MsbARvndtn2RcilODd9GVB2+lcbuQo
brMP+F/9rqunKDosZAW7BMIs4Bz8YexSGjh71r3QJuUUQ30foI34AA84qPg42SmD
4PnxIpcK0wRTGyWiwFNkbcUW3SvVFNjxYBfaQvijVY3COL7rijZ/JpP/V3qc03uz
wX0IsGc5SYT3k6v5TnvIkvun2+qgBhNnlbZGK1tCFW0Pg2PlBBlQFkxcXwehuj43
zQ8Pxx32Ki99sUpjl0QPW1WhywIv4LNzhJ0k4AW/n7XXPNESh2lBoIReCt5CNBnj
13amaX1BZf/CYl1scEbh31mtOHdvyO5oYHK1CTn0eh9HRjb+M+HfFN93zb/sAZIq
o6jcSrPmUGLTp09x1arWqGlX2MkDiTx4KkXEGoIb88mcRQSvwj6KuBXJ0Ur6Vtsn
nG9acGttsXY=
=8Blb
-----END PGP SIGNATURE-----