-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.1519
                     IBM QRadar SIEM security advisories
                                 5 May 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM QRadar SIEM
Publisher:         IBM
Operating System:  Linux variants
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Access Privileged Data          -- Existing Account
                   Denial of Service               -- Remote/Unauthenticated
                   Cross-site Scripting            -- Remote with User Interaction
                   Access Confidential Data        -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-20401 CVE-2021-20397 CVE-2020-15250 CVE-2020-13943
                   CVE-2020-11023 CVE-2020-11022 CVE-2020-5013 CVE-2020-4993
                   CVE-2020-4979 CVE-2020-4932 CVE-2020-4929 CVE-2020-4883
                   CVE-2019-17195 CVE-2017-18640 CVE-2015-9251 CVE-2015-5237
                   CVE-2012-6708 CVE-2011-4969
Reference:         ASB-2021.0094 ASB-2021.0091 ESB-2021.0923 ESB-2021.0909
                   ESB-2021.0845 ESB-2021.0824

Original Bulletin:
   https://www.ibm.com/support/pages/node/6449662
   https://www.ibm.com/support/pages/node/6449682
   https://www.ibm.com/support/pages/node/6449674
   https://www.ibm.com/support/pages/node/6449688
   https://www.ibm.com/support/pages/node/6449678
   https://www.ibm.com/support/pages/node/6449668
   https://www.ibm.com/support/pages/node/6449672
   https://www.ibm.com/support/pages/node/6449664
   https://www.ibm.com/support/pages/node/6449690

Comment: This bulletin contains nine (9) IBM security advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------

Security Bulletin: Apache Tomcat as used by IBM QRadar SIEM is vulnerable to
information disclosure (CVE-2020-13943)

Document Information
Product:             IBM QRadar SIEM
Software version:    7.3, 7.4
Operating system(s): Linux
Document number:     6449662
Modified date:       04 May 2021

Summary
Apache Tomcat as used by IBM QRadar SIEM is vulnerable to information
disclosure.

Vulnerability Details
CVEID:   CVE-2020-13943
DESCRIPTION: Apache Tomcat could allow a remote attacker to obtain sensitive
information, caused by a flaw triggered when an HTTP/2 client exceeds the
agreed maximum number of concurrent streams for a connection. By sending a
specially crafted HTTP request, an attacker could exploit this vulnerability
to see the responses for unexpected resources, and use this information to
launch further attacks against the affected system.
CVSS Base score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/189643
for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions
IBM QRadar 7.3.0 to 7.3.3 Patch 7
IBM QRadar 7.4.0 to 7.4.2 Patch 2

Remediation/Fixes
QRadar / QRM / QVM / QRIF / QNI 7.3.3 Patch 8
QRadar / QRM / QVM / QRIF / QNI 7.4.2 Patch 3

Workarounds and Mitigations
None

References
Complete CVSS v3 Guide
On-line Calculator v3

Related Information
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Change History
4 May 2021: Initial Publication

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.
Disclaimer
According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

- --------------------------------------------------------------------------------

Security Bulletin: IBM QRadar SIEM contains hard-coded credentials
(CVE-2021-20401, CVE-2020-4932)

Document Information
Product:             IBM QRadar SIEM
Software version:    7.3, 7.4
Operating system(s): Linux
Document number:     6449682
Modified date:       04 May 2021

Summary
IBM QRadar SIEM contains hard-coded credentials.

Vulnerability Details
CVEID:   CVE-2020-4932
DESCRIPTION: IBM QRadar contains hard-coded credentials, such as a password or
cryptographic key, which it uses for its own inbound authentication, outbound
communication to external components, or encryption of internal data.
CVSS Base score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/191748
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:   CVE-2021-20401
DESCRIPTION: IBM QRadar contains hard-coded credentials, such as a password or
cryptographic key, which it uses for its own inbound authentication, outbound
communication to external components, or encryption of internal data.
CVSS Base score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/196075
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)

Affected Products and Versions
IBM QRadar 7.3.0 to 7.3.3 Patch 7
IBM QRadar 7.4.0 to 7.4.2 Patch 2

Remediation/Fixes
QRadar / QRM / QVM / QRIF / QNI 7.3.3 Patch 8
QRadar / QRM / QVM / QRIF / QNI 7.4.2 Patch 3

Workarounds and Mitigations
None

Acknowledgement
John Zuccato, Rodney Ryan, Chris Shepherd, Nathan Roane, Vince Dragnea, Troy
Fisher, Elaheh Samani, and Gabor Minyo from the IBM X-Force Ethical Hacking
Team.

Change History
04 May 2021: Initial Publication
- --------------------------------------------------------------------------------

Security Bulletin: IBM QRadar SIEM is vulnerable to Cross Site Scripting (XSS)
(CVE-2020-4929)

Document Information
Product:             IBM QRadar SIEM
Software version:    7.3, 7.4
Operating system(s): Linux
Document number:     6449674
Modified date:       04 May 2021

Summary
IBM QRadar SIEM is vulnerable to Cross Site Scripting.

Vulnerability Details
CVEID:   CVE-2020-4929
DESCRIPTION: IBM QRadar SIEM is vulnerable to cross-site scripting. This
vulnerability allows users to embed arbitrary JavaScript code in the Web UI,
thus altering the intended functionality and potentially leading to
credentials disclosure within a trusted session.
CVSS Base score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/191706
for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions
IBM QRadar 7.3.0 to 7.3.3 Patch 7
IBM QRadar 7.4.0 to 7.4.2 Patch 2

Remediation/Fixes
QRadar / QRM / QVM / QRIF / QNI 7.3.3 Patch 8
QRadar / QRM / QVM / QRIF / QNI 7.4.2 Patch 3

Workarounds and Mitigations
None

Change History
29 Apr 2021: Initial Publication
- --------------------------------------------------------------------------------

Security Bulletin: IBM QRadar SIEM is vulnerable to Cross Site Scripting (XSS)
(CVE-2021-20397)

Document Information
Product:             IBM QRadar SIEM
Software version:    7.3, 7.4
Operating system(s): Linux
Document number:     6449688
Modified date:       04 May 2021

Summary
IBM QRadar SIEM is vulnerable to Cross Site Scripting.

Vulnerability Details
CVEID:   CVE-2021-20397
DESCRIPTION: IBM QRadar is vulnerable to cross-site scripting. This
vulnerability allows users to embed arbitrary JavaScript code in the Web UI,
thus altering the intended functionality and potentially leading to
credentials disclosure within a trusted session.
CVSS Base score: 6.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/196017
for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions
IBM QRadar 7.3.0 to 7.3.3 Patch 7
IBM QRadar 7.4.0 to 7.4.2 Patch 2

Remediation/Fixes
QRadar / QRM / QVM / QRIF / QNI 7.3.3 Patch 8
QRadar / QRM / QVM / QRIF / QNI 7.4.2 Patch 3

Workarounds and Mitigations
None
Acknowledgement
John Zuccato, Rodney Ryan, Chris Shepherd, Nathan Roane, Vince Dragnea, Troy
Fisher, Elaheh Samani and Gabor Minyo from IBM X-Force Ethical Hacking Team.

Change History
29 Apr 2021: Initial Publication

- --------------------------------------------------------------------------------

Security Bulletin: IBM QRadar SIEM is vulnerable to Cross domain information
disclosure (CVE-2020-4883)

Document Information
Product:             IBM QRadar SIEM
Software version:    7.3, 7.4
Operating system(s): Linux
Document number:     6449678
Modified date:       04 May 2021

Summary
IBM QRadar SIEM is vulnerable to Cross domain information disclosure.

Vulnerability Details
CVEID:   CVE-2020-4883
DESCRIPTION: IBM QRadar SIEM could disclose sensitive information about other
domains which could be used in further attacks against the system.
CVSS Base score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/190907
for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions
IBM QRadar 7.3.0 to 7.3.3 Patch 7
IBM QRadar 7.4.0 to 7.4.2 Patch 2

Remediation/Fixes
QRadar / QRM / QVM / QRIF / QNI 7.3.3 Patch 8
QRadar / QRM / QVM / QRIF / QNI 7.4.2 Patch 3

Workarounds and Mitigations
None

Change History
29 Apr 2021: Initial Publication
- --------------------------------------------------------------------------------

Security Bulletin: IBM QRadar SIEM is vulnerable to insecure inter-deployment
communication (CVE-2020-4979)

Document Information
Product:             IBM QRadar SIEM
Software version:    7.3, 7.4
Operating system(s): Linux
Document number:     6449668
Modified date:       04 May 2021

Summary
IBM QRadar SIEM is vulnerable to insecure inter-deployment communication.

Vulnerability Details
CVEID:   CVE-2020-4979
DESCRIPTION: IBM QRadar SIEM is vulnerable to insecure inter-deployment
communication. An attacker that is able to compromise or spoof traffic between
hosts may be able to execute arbitrary commands.
CVSS Base score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/192538
for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions
IBM QRadar 7.3.0 to 7.3.3 Patch 7
IBM QRadar 7.4.0 to 7.4.2 Patch 2

Remediation/Fixes
QRadar / QRM / QVM / QRIF / QNI 7.3.3 Patch 8
QRadar / QRM / QVM / QRIF / QNI 7.4.2 Patch 3

Workarounds and Mitigations
None

Change History
29 Apr 2021: Initial Publication
- -------------------------------------------------------------------------------

Security Bulletin: IBM QRadar SIEM is vulnerable to path traversal
(CVE-2020-4993)

Document Information
Product:             IBM QRadar SIEM
Software version:    7.3, 7.4
Operating system(s): Linux
Document number:     6449672
Modified date:       04 May 2021

Summary
IBM QRadar SIEM is vulnerable to a path traversal attack.

Vulnerability Details
CVEID:   CVE-2020-4993
DESCRIPTION: IBM QRadar SIEM, when decompressing or verifying the signature of
zip files, processes data in a way that may be vulnerable to path traversal
attacks.
CVSS Base score: 4.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/192905
for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N)

Affected Products and Versions
IBM QRadar 7.3.0 to 7.3.3 Patch 7
IBM QRadar 7.4.0 to 7.4.2 Patch 2

Remediation/Fixes
QRadar / QRM / QVM / QRIF / QNI 7.3.3 Patch 8
QRadar / QRM / QVM / QRIF / QNI 7.4.2 Patch 3

Workarounds and Mitigations
None
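The bulletin above describes the defect class only at a high level: a zip archive whose member names contain ".." or absolute paths can make a naive extractor write outside the intended directory. As an added illustration of how such extraction is checked (this is not IBM's code, says nothing about how QRadar handles archives, and is not a workaround for the QRadar issue), the Python below resolves each member's destination and refuses any that does not stay inside the target directory. The archive, its member names and the temporary directory are all constructed for the demonstration.

```python
import io
import tempfile
import zipfile
from pathlib import Path


def is_safe_member(dest_dir: str, member_name: str) -> bool:
    """True only if dest_dir/member_name resolves to a location inside dest_dir."""
    # Absolute POSIX paths, absolute Windows paths and drive letters can never be inside dest_dir.
    if member_name.startswith(("/", "\\")) or (len(member_name) > 1 and member_name[1] == ":"):
        return False
    dest = Path(dest_dir).resolve()
    # resolve() collapses ".." components and follows any symlinks below dest_dir,
    # so a member such as "a/../../x" ends up being compared by its real location.
    target = dest.joinpath(member_name.replace("\\", "/")).resolve()
    try:
        target.relative_to(dest)
    except ValueError:
        return False
    return True


def extract_zip_safely(zip_bytes: bytes, dest_dir: str):
    """Extract the members that pass the path check; return (extracted, rejected) names."""
    extracted, rejected = [], []
    dest = Path(dest_dir).resolve()
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if not is_safe_member(dest_dir, info.filename):
                rejected.append(info.filename)
                continue
            target = dest.joinpath(info.filename.replace("\\", "/"))
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
            else:
                target.parent.mkdir(parents=True, exist_ok=True)
                with archive.open(info) as src, open(target, "wb") as dst:
                    dst.write(src.read())
            extracted.append(info.filename)
    return extracted, rejected


def build_sample_archive() -> bytes:
    """Constructed sample archive: one benign member and two traversal-style names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("content/readme.txt", "benign file\n")
        archive.writestr("../../outside.txt", "would land outside dest_dir\n")
        archive.writestr("/etc/absolute.txt", "absolute path\n")
    return buf.getvalue()


def demo():
    """Extract the constructed archive into a scratch directory and report what happened."""
    with tempfile.TemporaryDirectory() as tmp:
        extracted, rejected = extract_zip_safely(build_sample_archive(), tmp)
        readme = Path(tmp, "content", "readme.txt").read_text()
    return extracted, rejected, readme


if __name__ == "__main__":
    extracted, rejected, _ = demo()
    print("extracted:", extracted)
    print("rejected: ", rejected)
```

The check is deliberately done on the resolved path rather than by string matching on "..": a name like "a/../../x" contains ".." only in the middle, and a symlink already present under the destination can redirect an apparently safe name, which resolve() exposes. Signature verification of the archive, which the bulletin also mentions, does not replace this check; a validly signed archive from a trusted signer can still carry a bad member name.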
Change History
29 Apr 2021: Initial Publication

- --------------------------------------------------------------------------------

Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known
vulnerabilities

Document Information
Product:             IBM QRadar SIEM
Software version:    7.3, 7.4
Operating system(s): Linux
Document number:     6449664
Modified date:       04 May 2021

Summary
The product includes vulnerable components (e.g., framework libraries) that
may be identified and exploited with automated tools.

Vulnerability Details
CVEID:   CVE-2015-5237
DESCRIPTION: Google Protocol Buffers could allow a remote attacker to execute
arbitrary code on the system, caused by an integer overflow in
MessageLite::SerializeToString. A remote attacker could exploit this
vulnerability to execute arbitrary code on the vulnerable system or cause a
denial of service.
CVSS Base score: 6.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105989
for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)

CVEID:   CVE-2019-17195
DESCRIPTION: Connect2id Nimbus JOSE+JWT is vulnerable to a denial of service,
caused by various uncaught exceptions thrown while parsing a JWT. An attacker
could exploit this vulnerability to crash the application or obtain sensitive
information.
CVSS Base score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/169514
for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)

CVEID:   CVE-2012-6708
DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper
validation of user-supplied input by the jQuery(strInput) function. A remote
attacker could exploit this vulnerability to inject malicious script into a
Web page which would be executed in a victim's Web browser within the security
context of the hosting Web site, once the page is viewed. An attacker could
use this vulnerability to steal the victim's cookie-based authentication
credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/138055
for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID:   CVE-2015-9251
DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper
validation of user-supplied input. A remote attacker could exploit this
vulnerability using a specially crafted URL to execute script in a victim's
Web browser within the security context of the hosting Web site, once the URL
is clicked. An attacker could use this vulnerability to steal the victim's
cookie-based authentication credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/138029
for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID:   CVE-2020-11022
DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper
validation of user-supplied input by the jQuery.htmlPrefilter method. A remote
attacker could exploit this vulnerability to inject malicious script into a
Web page which would be executed in a victim's Web browser within the security
context of the hosting Web site, once the page is viewed. An attacker could
use this vulnerability to steal the victim's cookie-based authentication
credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/181349
for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID:   CVE-2020-11023
DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper
validation of user-supplied input by <option> elements. A remote attacker
could exploit this vulnerability to inject malicious script into a Web page
which would be executed in a victim's Web browser within the security context
of the hosting Web site, once the page is viewed. An attacker could use this
vulnerability to steal the victim's cookie-based authentication credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/181350
for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID:   CVE-2011-4969
DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper
validation of user-supplied input when handling the "location.hash" property.
A remote attacker could exploit this vulnerability to inject malicious script
into a Web page which would be executed in a victim's Web browser within the
security context of the hosting Web site, once the page is viewed. An attacker
could use this vulnerability to steal the victim's cookie-based authentication
credentials.
CVSS Base score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/82875
for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVEID:   CVE-2017-18640
DESCRIPTION: SnakeYAML is vulnerable to a denial of service, caused by entity
expansion in the Alias feature during a load operation. By sending a specially
crafted request, a remote attacker could exploit this vulnerability to cause
the application to crash.
CVSS Base score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/174331
for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2020-15250
DESCRIPTION: JUnit4 could allow a local attacker to obtain sensitive
information, caused by a flaw in the test rule TemporaryFolder. By sending a
specially crafted request, an attacker could exploit this vulnerability to
obtain sensitive information.
CVSS Base score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/189677
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions
IBM QRadar 7.3.0 to 7.3.3 Patch 7
IBM QRadar 7.4.0 to 7.4.2 Patch 2

Remediation/Fixes
QRadar / QRM / QVM / QRIF / QNI 7.3.3 Patch 8
QRadar / QRM / QVM / QRIF / QNI 7.4.2 Patch 3

Workarounds and Mitigations
None

Change History
29 Apr 2021: Initial Publication
- --------------------------------------------------------------------------------

Security Bulletin: IBM QRadar SIEM may be vulnerable to an XML External Entity
Injection attack (XXE) (CVE-2020-5013)

Document Information
Product:             IBM QRadar SIEM
Software version:    7.3, 7.4
Operating system(s): Linux
Document number:     6449690
Modified date:       04 May 2021

Summary
IBM QRadar SIEM may be vulnerable to an XML External Entity Injection attack.

Vulnerability Details
CVEID:   CVE-2020-5013
DESCRIPTION: IBM QRadar SIEM may be vulnerable to an XML External Entity
Injection (XXE) attack when processing XML data. A remote attacker could
exploit this vulnerability to expose sensitive information or consume memory
resources.
CVSS Base score: 7.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/193245
for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L)

Affected Products and Versions
IBM QRadar 7.3.0 to 7.3.3 Patch 7
IBM QRadar 7.4.0 to 7.4.2 Patch 2

Remediation/Fixes
QRadar / QRM / QVM / QRIF / QNI 7.3.3 Patch 8
QRadar / QRM / QVM / QRIF / QNI 7.4.2 Patch 3

Workarounds and Mitigations
None
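The bulletin names the two consequences of XXE, information exposure and memory consumption, without showing where in a parser they are cut off. As an added illustration (not IBM's code, unrelated to how QRadar parses XML, and not a workaround for the QRadar issue), the Python below configures the standard-library SAX parser the way a defender would for untrusted input: external general and parameter entities are never fetched, and by default any DOCTYPE is rejected outright, since both external entity references and entity-expansion payloads have to be declared there. The sample documents, including the placeholder file path in the entity declaration, are constructed for the demonstration.

```python
import io
import xml.sax
from xml.sax import handler
from xml.sax.handler import ContentHandler


class DtdRejectingLexicalHandler:
    """Minimal SAX lexical handler that refuses any DOCTYPE/DTD in the input."""

    def startDTD(self, name, public_id, system_id):
        raise ValueError("DOCTYPE/DTD declarations are not accepted from untrusted input")

    def endDTD(self):
        pass

    def startCDATA(self):
        pass

    def endCDATA(self):
        pass

    def comment(self, content):
        pass


class TextCollector(ContentHandler):
    """Records element names and character data so the caller can inspect the result."""

    def __init__(self):
        super().__init__()
        self.elements = []
        self.text = []

    def startElement(self, name, attrs):
        self.elements.append(name)

    def characters(self, content):
        self.text.append(content)


def parse_untrusted_xml(data: bytes, reject_dtd: bool = True) -> dict:
    """Parse XML with external entity resolution disabled; optionally refuse any DTD."""
    parser = xml.sax.make_parser()
    # Never resolve external general or parameter entities (the "file:///..." case).
    parser.setFeature(handler.feature_external_ges, False)
    parser.setFeature(handler.feature_external_pes, False)
    collector = TextCollector()
    parser.setContentHandler(collector)
    if reject_dtd:
        # Strongest option: untrusted documents have no business declaring a DTD at all.
        parser.setProperty(handler.property_lexical_handler, DtdRejectingLexicalHandler())
    parser.parse(io.BytesIO(data))
    return {"elements": collector.elements, "text": "".join(collector.text).strip()}


# Constructed samples. The entity points at a placeholder path that does not exist;
# the parser configured above never tries to read it in either mode.
BENIGN_SAMPLE = b"<event><name>login</name></event>"
XXE_SAMPLE = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE r [<!ENTITY ext SYSTEM "file:///placeholder/not-a-real-file">]>'
    b"<r>&ext;</r>"
)


if __name__ == "__main__":
    print(parse_untrusted_xml(BENIGN_SAMPLE))
    try:
        parse_untrusted_xml(XXE_SAMPLE)
    except ValueError as exc:
        print("rejected:", exc)
    # With DTDs tolerated, the external entity is still never fetched: it expands to nothing.
    print(parse_untrusted_xml(XXE_SAMPLE, reject_dtd=False))
```

Rejecting the DOCTYPE is the setting to prefer when the input format does not need one; the second mode (reject_dtd=False) is shown only to make the effect of feature_external_ges visible: the entity reference is skipped rather than read from disk. Internal entity expansion (the memory-consumption case) is likewise impossible without a DTD, which is why the first mode covers both consequences the bulletin lists.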
Change History
29 Apr 2021: Initial Publication

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If you do
not know who that is, please send an email to auscert@auscert.org.au and we
will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures.
AusCERT takes no responsibility for consequences which may arise from
following or acting on information or advice contained in this security
bulletin.

NOTE: This is only the original release of the security bulletin. It may not
be updated when updates to the original are made. If downloading at a later
date, it is recommended that the bulletin is retrieved directly from the
author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in
the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
=========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYJHybONLKJtyKPYoAQgQjA//URI8C/Zop2FyanvbQIpZfd0yRvikWr2T yKoxQ4BNfGxVMddnSPUfDCcQclqrB1/LS1Wy+ExjK6W42spANk2x4dyPqEjO6W+F z6iornQ0DqRW+EbIeUPEPJ98IEaz7ZG4uKhYdrZcL+RyvIrMaftLF1jFVLKKWmlx /Wg0NwBKS7LFla25tUDcUxOzgvs6e/pRDFx8++Otd3kgzIxNBLC5hi0T1ZqaVQmv DmCh5pagtV56t57RuFYhsypBqCvRNXtcp3MsbARvndtn2RcilODd9GVB2+lcbuQo brMP+F/9rqunKDosZAW7BMIs4Bz8YexSGjh71r3QJuUUQ30foI34AA84qPg42SmD 4PnxIpcK0wRTGyWiwFNkbcUW3SvVFNjxYBfaQvijVY3COL7rijZ/JpP/V3qc03uz wX0IsGc5SYT3k6v5TnvIkvun2+qgBhNnlbZGK1tCFW0Pg2PlBBlQFkxcXwehuj43 zQ8Pxx32Ki99sUpjl0QPW1WhywIv4LNzhJ0k4AW/n7XXPNESh2lBoIReCt5CNBnj 13amaX1BZf/CYl1scEbh31mtOHdvyO5oYHK1CTn0eh9HRjb+M+HfFN93zb/sAZIq o6jcSrPmUGLTp09x1arWqGlX2MkDiTx4KkXEGoIb88mcRQSvwj6KuBXJ0Ur6Vtsn nG9acGttsXY= =8Blb -----END PGP SIGNATURE-----