Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM03B6C658330D9ED7D3D5C516018194DBD42F5AA0466A1BAFC87309A8A438D756
HistoryMay 10, 2019 - 2:29 p.m.

Release of QRadar 7.2.8 Patch 4 (7.2.8.20170224202650) Updated w/Security Bulletins

2019-05-1014:29:11
www.ibm.com
9

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

JSON

Abstract

A list of the installation instructions, new features, and resolved issues list for the release of IBM Security QRadar 7.2.8 Patch 4 (7.2.8.20170224202650).

Content

Known issue identified IMPORTANT: A known issue has been identified in QRadar 7.2.8 Patch 4 where QFlow Collector (12xx/13xx) appliances might experience an issue upgrading from older versions of QRadar, such as QRadar 7.2.6 or QRadar 7.2.7. Administrators should be aware of this issue and if you plan to upgrade older versions of QRadar (7.2.6 or 7.2.7), contact QRadar support before upgrading if you have QFlow appliances in your deployment. This issue does not impact QRadar 7.2.8 users who update to the latest version (7.2.8 Patch 4).

Known Issue in 7.2.8 Patch 4

Number Description
IV93936 QRADAR 7.2.8 PATCH 4 FLOW COLLECTOR (12XX/13XX) PATCH PROCESS FAILS AT TEST WHEN PATCHING FROM VERSION 7.2.6.X OR 7.2.7.X

Upgrade information
Fix packs are cumulative software updates to fix known software issues in your QRadar deployment. There are five APARs associated with QRadar 7.2.8 Patch 4, which address a number of specific issues in QRadar 7.2.8. QRadar fix packs are installed by using an SFS file. The fix pack can update all appliances attached to the QRadar Console. If your deployment is installed with any of the following QRadar versions, you can install fix pack 7.2.8-QRADAR-QRSIEM-20170224202650 to upgrade to QRadar 7.2.8 Patch 4:

Current QRadar Version Upgrades to QRadar 7.2.8 Patch 4?
QRadar 7.2.3 (any patch level) or earlier No, a minimum of QRadar 7.2.4 is required.
QRadar 7.2.4 (any patch level) Yes
QRadar 7.2.5 (any patch level) Yes
QRadar 7.2.6 (any patch level) Yes
QRadar 7.2.7 (any patch level) Yes

The 7.2.8-QRADAR-QRSIEM-20170224202650 fix pack can upgrade QRadar 7.2.4 (7.2.4.983526) and later to the latest software version. However, this document does not cover all of the installation messages and requirements, such as changes to memory requirements or browser requirements for QRadar. To review any additional requirements, see the QRadar Upgrade Guide. If you are on a version of QRadar earlier than QRadar 7.2.4, you must upgrade to QRadar 7.2.4 before proceeding to QRadar 7.2.8. For more information, see the QRadar Software Upgrade Progression technical note.

Important: A QRadar 7.2.8 ISO is available on IBM Fix Central for administrators to want to install a new appliance or virtual machine. Administrators who want to complete a new install need to review the QRadar Installation Guide.

**Before you begin **Ensure that you take the following precautions:

  • Back up your data before you begin any software upgrade. For more information about backup and recovery, see the IBM Security QRadar Administration Guide.
  • To avoid access errors in your log file, close all open QRadar sessions.
  • The fix pack for QRadar cannot be installed on a managed host that is at a different software version from the Console. All appliances in the deployment must be at the same software revision to patch the entire deployment.
  • Verify that all changes are deployed on your appliances. The patch cannot install on appliances that have changes that are not deployed.
  • The .SFS file is only capable of upgrading existing QRadar installations. A QRadar 7.2.8 ISO is available for administrators to want to install a new appliance or virtual machine. Administrators who want to do a new install need to review the QRadar Installation Guide.

**Installing the QRadar 7.2.8 Patch 4 Fix Pack **The instructions guide administrators through the process of upgrading an existing QRadar version at 7.2.4 or later to the newest software version.

Procedure

  1. Download the fix pack to install QRadar 7.2.8 Patch 4 from the IBM Fix Central website: http://www.ibm.com/support/fixcentral/swg/quickorder?product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.2.0&platform=Linux&function=fixId&fixids=7.2.8-QRADAR-QRSIEM-20170224202650&includeRequisites=1&includeSupersedes=0&downloadMethod=http&source=fc

  2. Using SSH, log in to your system as the root user.

  3. Copy the fix pack to the /tmp directory on the QRadar Console.Note:If space in the/tmp directory is limited, copy the fix pack to another location that has sufficient space.

  4. To create the /media/updates directory, type the following command: **mkdir -p /media/updates**

  5. Change to the directory where you copied the patch file. For example, **cd /tmp**

  6. To mount the patch file to the /media/updates directory, type the following command:
    **mount -o loop -t squashfs 728_QRadar_patchupdate-7.2.8.20170224202650.sfs /media/updates**

  7. To run the patch installer, type the following command: **/media/updates/installer **Note: The first time that you run the fix pack, there might be a delay before the fix pack installation menu is displayed.

  8. Using the patch installer, select all.

  • The all option updates the software on all appliances in the following order:

1. Console
2. Event Processors
3. Event Collectors
4. Flow Processors
5. Flow Collectors

  • If you do not select the all option, you must select your Console appliance.

As of QRadar 7.2.6 Patch 4 and later, administrators are only provided the option to update all or update the Console appliance as the managed hosts are not displayed in the installation menu. After the Console is patched, a list of managed hosts that can be updated is displayed in the installation menu. This change was made starting with QRadar 7.2.6 Patch 4 to ensure that the Console appliance is always updated before managed hosts to prevent upgrade issues.

If administrators want to patch systems in series, they can update the Console first, then copy the patch to all other appliances and run the patch installer individually on each managed host. The Console must be patched before you can run the installer on managed hosts. When updating in parallel, there is no order required in how you update appliances after the Console is updated.

If your Secure Shell (SSH) session is disconnected while the upgrade is in progress, the upgrade continues. When you reopen your SSH session and rerun the installer, the patch installation resumes.

1. After the patch completes and you have exited the installer, type the following command: **umount /media/updates**

2. Administrators and users should clear their browser cache before logging in to the Console.

**Results **A summary of the fix pack installation advises you of any managed host that were not updated. If the fix pack fails to update a managed host, you can copy the fix pack to the host and run the installation locally.

After all hosts are updated, administrators can send an email to their team to inform them that they will need to clear their browser cache before logging in to the QRadar SIEM interface.

**Resolved issues **
**Note:**Some APAR links in the table below might take 24 hours to display properly after a software release. A full APAR link for all QRadar versions is available

Issues resolved in 7.2.8 Patch 4

Number Description
SECURITY BULLETIN IBM QRADAR SIEM IS VULNERABLE TO A DENIAL OF SERVICE (CVE-2016-9740)
SECURITY BULLETIN IBM QRADAR SIEM AND QRADAR INCIDENT FORENSICS ARE VULNERABLE TO CROSS-SITE REQUEST FORGERY (CVE-2016-9730)
SECURITY BULLETIN IBM QRADAR SIEM IS VULNERABLE TO MISSING AUTHENTICATION CHECKS (CVE-2016-9729)
SECURITY BULLETIN IBM QRADAR SIEM AND QRADAR INCIDENT FORENSICS ARE VULNERABLE TO OS COMMAND INJECTION (CVE-2016-9726, CVE-2016-9727)
SECURITY BULLETIN IBM QRADAR SIEM IS VULNERABLE TO SQL INJECTION (CVE-2016-9728)
SECURITY BULLETIN IBM QRADAR INCIDENT FORENSICS IS VULNERABLE TO OVERLY PERMISSIVE CORS ACCESS POLICIES (CVE-2016-9725)
SECURITY BULLETIN IBM QRADAR SIEM IS VULNERABLE TO XML ENTITY INJECTION (CVE-2016-9724)
SECURITY BULLETIN IBM QRADAR SIEM AND QRADAR INCIDENT FORENSICS ARE VULNERABLE TO CROSS SITE SCRIPTING (CVE-2016-9723, CVE-2017-1133)
SECURITY BULLETIN IBM QRADAR SIEM AND QRADAR INCIDENT FORENSICS ARE VULNERABLE TO INFORMATION EXPOSURE (CVE-2016-9720)
SECURITY BULLETIN MOZILLA NSS AS USED IN IBM QRADAR SIEM IS VULNERABLE TO ARBITRARY CODE EXECUTION (CVE-2016-2834)
SECURITY BULLETIN PIVOTAL SPRING FRAMEWORK AS USED IN IBM QRADAR SIEM IS VULNERABLE TO VARIOUS CVEs
SECURITY BULLETIN APACHE SOLR AS USED IN IBM QRADAR SIEM AND INCIDENT FORENSICS IS VULNERABLE TO A DENIAL OF SERVICE
SECURITY BULLETIN IBM QRADAR SIEM CONTAINS HARD-CODED CREDENTIALS
SECURITY BULLETIN IBM QRADAR SIEM USES BROKEN OR RISKY CRYPTOGRAPHIC ALGORITHMS
SECURITY BULLETIN APACHE TOMCAT PRIOR TO VERSION 6.0.48 IS SUSCEPTIBLE TO SEVERAL VULNERABILITIES
SECURITY BULLETIN IBM QRADAR SIEM AND INCIDENT FORENSICS ARE VULNERABLE TO VARIOUS CVEs FOUND IN IBM JAVA.
SECURITY BULLETIN OPENSSL AS USED IN IBM QRADAR SIEM IS VULNERABLE TO VARIOUS CVEs
IV86405 ‘APPLICATION ERROR’ WHEN USING A VALUE SPECIFIED IN ‘AS’ CLAUSE FOR LOGSOURCENAME IN AN ADVANCED SEARCH (AQL)
IV86407 THE /VAR/LOG PARTITION CAN FILL DUE TO THE QRADAR LOG FILES BEING QUICKLY FILLED WITH ‘EXCEPTION IN TEST’ MESSAGES
IV87313 ‘SOURCE’ AND ‘DESTINATION’ NETWORK GROUP SHOW FULL NETWORK HIERARCHY NAME WHEN ADDED AS A COLUMN TO DISPLAY
IV87507 SOME DASBOARD ITEMS NO LONGER DISPLAY IN THE QRADAR USER INTERFACE
IV87862 RULE ‘EXPLOIT: DESTINATION VULNERABLE TO DETECTED EXPLOIT’ CAN SOMETIMES NOT TRIGGER WHEN EXPECTED
IV89015 APPLICATION ERROR WHEN DOUBLE CLICKING THE RESULTS OF AN ‘ADVANCED SEARCH’ (AQL)
IV89556 ECS-EP PROCESS RUNNING, BUT EVENT/FLOW PROCESSING NOT OCCURING ON A QRADAR APPLIANCE
IV89820 SYSLOG EVENTS GENERATED FROM AN OFFENSE RULE DO NOT CONTAIN ANY CONFIGURED NAMING CONTIBUTIONS IN THE EVENT PAYLOAD
IV89893 ‘ASSET MODEL HAS NOT YET BEEN UPDATED WITH SCAN RESULTS’ MESSAGE WHEN NO ASSETS HAVE BEEN SCANNED
IV89904 QVM VULNERABILITY EXCEPTIONS FOR IP/CIDR/NETWORK ARE NOT RESPECTED WHEN A FILTER IS DEFINED TO EXCLUDE THEM
IV89929 ‘MISSING PATCHES’ REPORT CAN SOMETIMES BE EMPTY WHEN RUN ON SYSTEMS WITH A LARGE NUMBER OF VULNERABILITY INSTANCES
IV90002 QVM RED WARNING TRIANGLE DISPLAYED ON A SCAN RESULT WHEN THE ASSET MODEL WAS PROPERLY UPDATED
IV90004 ASSET MODEL ‘NOT UPDATED’ ICON DISPLAYS FOR A SCAN PROFILE RESULT WHEN SCAN POLICY HAS BEEN EDITED
IV90075 RED WARNING ICON ON QVM SCAN RESULTS PAGE WHEN RESULTS HAVE BEEN REPUBLISHED
IV90376 SECURITY APP EXCHANGE APPLICATIONS CAN FAIL TO COMMUNICATE IN SOME HIGH AVAILABILITY QRADAR CONFIGURATIONS
IV90421 RULE TESTS AGAINST A REFERENCE MAP DO NOT WORK WHEN DESTINATION PORT IS NULL
IV90793 PATCHING TO QRADAR 7.2.8 GA OVERWRITES CA CERTS THAT WERE LOCATED IN /ETC/PKI/TLS/CERTS/CA-CUNDLE.CRT
IV90795 DRILLING INTO A SEARCH THAT WAS GROUPED BY A CUSTOM EVENT PROPERTY WITH PARENTHESIS DOES NOT WORK AS EXPECTED
IV90887 ‘ASSET MODEL HAS NOT YET BEEN UPDATED WITH SCAN RESULTS’ MESSAGED DISPLAYED WHEN ASSET MODEL IS UPDATED CORRECTLY
IV90906 TIMES SERIES NOT WORKING FOR SOME NON-ADMIN QRADAR USERS
IV91300 CREATING A REPORT BASED ON AN AQL (ADVANCED SEARCH) QUERY CONTAINING ‘ORDER BY’ FAILS TO GENERATE PROPER OUTPUT
IV91322 ATTEMPTING TO ENABLE TIMESERIES COLLECTION FOR SHARED SAVED SEARCHES CAN SOMETIMES FAIL
IV91615 ‘ERROR: COULD NOT FIND OR LOAD MAIN CLASS COM.Q1LABS.CORE.UTIL . PASSWORDENCRYPT’ WHEN CONFIGURING LDAP HOVER FEATURE
IV91618 EDIT SEARCH PAGE CAN SOMETIMES FAIL TO LOAD ALL OF THE EXPECTED SEARCH PAGE OPTIONS
IV91634 ARIEL SEARCHES THAT ARE RUN USING API VERSION 7.0+ DO NOT RETURN PAYLOAD PROPERLY FOR PARSING
IV91635 QUICK SEARCHES CANNOT BE REMOVED FROM THE QUICK SEARCH LIST
IV91675 AN ‘APPLICATION ERROR’ CAN BE DISPLAYED FOR NEW USERS LOGGING INTO THE QRADAR USER INTERFACE INSTEAD OF A DEFAULT DASHBOARD
IV91816 PATCHING QRADAR HIGH AVAILABILITY (HA) PAIR APPLIANCES CONFIGURED USING CROSSOVER CAN SOMETIMES FAIL
IV92139 ‘WRAP TEXT’ FUNCTION FOR EVENT PAYLOAD INFORMATION DOES NOT WORK AFTER APPLYING QRADAR PATCH
IV92466 QRADAR SEARCHES CAN FAIL TO COMPLETE AND/OR DASHBOARD DATA CAN FAIL TO LOAD DUE TO AN ARIEL CONNECTION LEAK
IV92851 ARIEL CAN BECOME OVERLOADED CAUSING SLOWER THAN EXPECTED SEARCH RESULTS AND SLOW USER INTERFACE RESPONSE
IV92852 REPORTS RUNNING ON ‘ACCUMULATED DATA’ CAN SOMETIMES FAIL DUE TO THE GLOBAL VIEW DAILY ROLLUPS FAILING
IV93839 QRADAR FEATURES USING THE ARIEL PROCESS (SEARCHES, DASHBOARDS, REPORTS, ETC.) CAN INTERMITTENTLY FAIL TO LOAD/COMPLETE (NOTE: THIS APAR WAS RECENTLY ADDED AND MIGHT TAKE UP TO 12 HORUS TO DISPLAY)

Issues resolved in 7.2.8 Patch 3

Number Description
IV89519 RULES THAT TEST AGAINST REFERENCE MAP OF DATA SETS CAN SOMETIMES FIRE UNEXPECTEDLY
IV89901 QRADAR AUTO UPDATE FEATURE CONFIGURED TO USE A PROXY SERVER CAN FAIL AFTER PATCHING
IV91030 QRADAR APPS THAT REQUIRE SPECIFIC USER ROLE PERMISSIONS CAN STOP WORKING AFTER PATCHING TO QRADAR 7.2.8 PATCH 1
IV91617 QFLOW APPLIANCES CAN STOP SENDING FLOWS TO FLOW PROCESSORS AFTER PATCHING TO QRADAR 7.2.8
IV92220 TIME SERIES DATA ACCUMULATION DOES NOT WORK FOR NON-ADMIN DOMAIN USERS WITH MULTI-TENANCY DASHBOARD

Issues resolved in 7.2.8 Patch 2

Number Description
NONE QRADAR 7.2.8 PATCH 2 DOES NOT INCLUDE ANY RESOLVED ISSUES (APARs). THIS UPDATE INCORPORATES FRAMEWORK CHANGES IN ORDER TO SUPPORT THE NEW QRADAR NETWORK INSIGHTS APPLIANCE (19xx) IN A QRADAR DEPLOYMENT. THIS SOFTWARE VERSION WAS NOT PUBLISHED AS A GLOBAL SOFTWARE RELEASE. THIS DOWNLOAD IS ONLY AVAILABLE FROM QRADAR SUPPORT.

Issues resolved in 7.2.8 Patch 1

Number Description
SECURITY BULLETIN APACHE POI AS USED IN IBM QRADAR SIEM IS VULNERABLE TO VARIOUS CVEs (CVE-2012-0213, CVE-2014-3529, CVE-2014-3574, CVE-2014-9527, CVE-2016-5000)
SECURITY BULLETIN IBM QRADAR SIEM IS VULNERABLE TO VARIOUS CGI VULNERABILITIES (CVE-2016-5385, CVE-2016-5387, CVE-2016-5388)
IV77767 QRADAR USER INTERFACE OUTAGES CAN OCCUR WHEN TRYING TO LOAD THE MANAGED SEARCH RESULTS PAGE
IV83509 USING ‘WHEN THE EVENT(S) HAVE NOT BEEN DETECTED…’ RULE WITH A RESPONSE TO CREATE NEW EVENT, THAT EVENT HAS INCORRECT QID
IV84025 UNABLE TO DELETE RULES THAT ARE ADDED TO THE GROUP ‘ANOMALY’
IV86422 ‘MORE OPTIONS’ IS DISPLAYED TWICE WHEN PERFORMING A RIGHT CLICK OF A SOURCE AND/OR DESTINATION IP IN A NETWORK ACTIVITY SEARCH
IV87248 HIGH AVAILABILITY CONSOLE WITH CROSSOVER CONNECTIONS CAN HANG AND/OR FAIL DURING QRADAR PATCHING
IV87796 CUSTOM EVENT PROPERTIES DO NOT FORWARD THROUGH A CUSTOM RULE RESPONSE WHEN USING JSON FORMAT
IV88275 NON-ADMIN QRADAR USERS ARE UNABLE TO FILTER ON ‘EVENT PROCESSOR’
IV88324 THE SYSTEM HEATH (QRADAR HEALTH CONSOLE) FEATURE CAN HAVE VARIOUS PROBLEMS AFTER APPLYING A QRADAR PATCH
IV88708 QRADAR VULNERABILITY MANAGER - ASSET DETAILS RISK POLICY SCREEN SHOWS INCORRECT TIMESTAMP IN LAST EVALUATED FIELD WHEN TIME ZONE IS SET FOR NEW ZEALAND
IV89173 QRADAR VULNERABILITY MANAGER - CIDR DATA ENTRY VALIDATION FOR SCANNERS DOES NOT WORK AS EXPECTED
IV89308 THE QRADAR RULES PAGE FAILS TO LOAD OR TAKES A LONGER THAN EXPECTED TIME TO LOAD
IV89345 QVM: CIS SCAN RESULT STATUS CAN SOMETIMES DISPLAY AS FAIL INSTEAD OF UNKNOWN IN THE USER INTERFACE
IV89367 QRADAR SYSTEM NOTIFICATION: 'TRANSACTION SENTRY: RESTORED SYSTEM HEALTH BY CANCELLING HUNG TRANSACTIONS OR DEADLOCKS
IV89408 QRADAR VULNERABILITY MANAGER SCANS UNEXPECTEDLY DISPLAY A ZERO VULNERABILITY COUNT AND NO ASSETS CREATED FROM THOSE SCANS
IV89516 SAVED SEARCHES ATTEMPTING TO USE CVE-ID NUMBER DATA IN REFERENCE SETS DO NOT WORK AS EXPECTED
IV89665 FILTERING ON ‘USERNAME IS ANY OF’ " " (A BLANK SPACE WITHIN QUOTES) DOES NOT DISPLAY AS A CURRENTLY APPLIED FILTER
IV89901 QRADAR AUTO UPDATE FEATURE CONFIGURED TO USE A PROXY SERVER CAN FAIL AFTER PATCHING
IV90087 SEARCHES CAN TAKE A LONGER THAT EXPECTED TIME TO COMPLETE IN QRADAR 7.2.8 GA
IV90323 UNABLE TO DELETE REFERENCE SET ELEMENTS USING THE QRADAR USER INTERFACE
IV90372 ATTEMPTING TO ADD AN ADVANCED SEARCH (AQL) TEST TO A RULE CAN CAUSE THE USER INTERFACE WINDOW TO BECOME UNRESPONSIVE
IV90419 EVENT DATA WRITTEN INTO QRADAR AT VERSION 7.2.3.X OR PRIOR CANNOT BE READ BY QRADAR VERSION 7.2.7.X AND 7.2.8 GA
IV90460 QRADAR DEPLOY FUNCTION CAN FAIL AFTER PATCHING TO QRADAR 7.2.8 GA
IV90646 QFLOW PROCESS CAN STOP WORKING AS EXPECTED ON FLOW APPLIANCES AFTER PATCHING TO QRADAR 7.2.8 GA
IV90649 PATCH PROCESS TO 7.2.8 GA FAILS DUE TO A USER AND AUTHORIZED SERVICE HAVING THE SAME NAME
IV90777 NO FLOWS OR EVENTS VISIBLE IN THE QRADAR USER INTERFACE AFTER RESTORING A CONFIGURATION BACKUP FROM 7.2.8 GA

Issues resolved in 7.2.8

Number Description
IV81172 SQL EXCEPTION WHEN RUNNING EVENTS/LOGS REPORTS BASED ON ADVANCED SEARCH FOR ASSETS
IV87841 RULE TEST WITH MULTIPLE REFERENCE SETS ONLY MATCHES FIRST REFERENCE SET IN TEST
IV82547 WEB APPLICATION XJAVASCRIPT FILTERING BROKEN
IV84386 CRITSIT: LOG ACTIVITY - UI EXCEPTION POPUP WHEN MOUSING OVER IP ADDRESSES
IV88370 REFERENCE DATA - BULK LOADING PERFORMANCE NEEDS WORK
IV84710 ASSET SCREEN IN UI IS SLOW WHEN THE NUMBER OF ASSETS IS MODERATE TO LARGE
IV85584 RULE WIZARD UI ISSUES
IV79236 CRITSIT: CANNOT ACCESS RULE WIZARD WHEN NAVIGATING TO AN EVENT THROUGH AN OFFENSE
IV85435 OFFENSE NAMING NOT WORKING CONSISTENTLY
IV87029 INDEX ROLLER BUG
IV70567 AUTOUPDATE HTTPS AND PROXY INTERCEPTION - CONNECT FAILURES BY UPDATECONFS.PL
IV84567 OFFENSES OVER TIME REPORTS CAN MISMATCH OFFENSE SCREEN
IV86839 FILTERING IN LOG SOURCES WHILE SORTED BY EPS CAUSES EXCEPTION
IV82557 NULLPOINTEREXCEPTION IN DATA DELETION CAUSES USER UNABLE TO DELETE RULE OR CUSTOM EVENT PROPERTY
IV89021 EVENTS CONTAINING ESCAPED CHARACTERS ARE DISPLAYED INCORRECTLY IN THE CUSTOM EVENT PROPERTY SCREEN

**Where do I find more information? **

[{“Product”:{“code”:“SSBQAC”,“label”:“IBM Security QRadar SIEM”},“Business Unit”:{“code”:“BU059”,“label”:“IBM Software w/o TPS”},“Component”:“Documentation”,“Platform”:[{“code”:“PF016”,“label”:“Linux”}],“Version”:“7.2”,“Edition”:“All Editions”,“Line of Business”:{“code”:“LOB24”,“label”:“Security Software”}}]

Related

ibm 27
fedora 14
openvas 31
redhat 13
nessus 38
mageia 4
cloudfoundry 1
checkpoint_advisories 1
cert 1
threatpost 1
prion 13
cve 12
debiancve 4
impervablog 1
osv 3
ubuntucve 4
github 4
redhatcve 1
friendsofphp 2
oraclelinux 3
typo3 4
centos 3
debian 3
archlinux 1
veracode 2
gitlab 1
ubuntu 1
httpd 1
amazon 1
alpinelinux 1
f5 3
ibm
ibm
Security Bulletin: Vulnerabilities in Apache POI affects IBM InfoSphere Information Server
2018-06-16 13:44:59
Security Bulletin: Multiple vulnerabilities in Apache POI affect Asset and Service Management
2022-09-22 03:02:31
Security Bulletin: Apache POI as used in IBM QRadar SIEM is vulnerable to various CVEs.
2018-06-16 21:48:14
fedora
fedora
[SECURITY] Fedora 20 Update: apache-poi-3.10.1-2.fc20
2015-02-23 07:59:36
[SECURITY] Fedora 21 Update: apache-poi-3.10.1-1.fc21
2014-09-27 10:07:00
[SECURITY] Fedora 20 Update: apache-poi-3.10.1-1.fc20
2014-09-19 10:14:54
openvas
openvas
Fedora Update for apache-poi FEDORA-2015-2090
2015-02-25 00:00:00
Fedora Update for apache-poi FEDORA-2014-10322
2014-09-20 00:00:00
Mageia: Security Advisory (MGASA-2014-0550)
2022-01-28 00:00:00
redhat
redhat
(RHSA-2014:1400) Moderate: Apache POI security update
2014-10-13 16:38:47
(RHSA-2014:1399) Moderate: Apache POI security update
2014-10-13 16:38:20
(RHSA-2014:1398) Moderate: Apache POI security update
2014-10-13 16:37:40
nessus
nessus
Fedora 21 : apache-poi-3.10.1-2.fc21 (2015-2087)
2015-02-24 00:00:00
Fedora 21 : apache-poi-3.10.1-1.fc21 (2014-10171)
2014-09-29 00:00:00
Fedora 20 : apache-poi-3.10.1-1.fc20 (2014-10322)
2014-09-10 00:00:00
mageia
mageia
Updated apache-poi packages fix security vulnerabilities
2014-12-26 20:04:58
Updated apache-poi packages fix CVE-2014-9527
2015-02-26 11:26:53
Updated apache packages fix security vulnerability
2016-07-27 00:16:28
cloudfoundry
cloudfoundry
Multiple CVEs: httpoxy | Cloud Foundry
2016-12-21 00:00:00
checkpoint_advisories
checkpoint_advisories
CGI Namespace Conflict Man-In-The-Middle (httpoxy; CVE-2016-1000109; CVE-2016-1000110; CVE-2016-5385; CVE-2016-5386; CVE-2016-5387; CVE-2016-5388)
2016-07-19 00:00:00
cert
cert
CGI web servers assign Proxy header values from client requests to internal HTTP_PROXY environment variables
2016-07-18 00:00:00
threatpost
threatpost
CGI Script Vulnerability 'Httpoxy' Allows Man-in-the-Middle Attack
2016-07-18 18:00:46
prion
prion
Xxe
2017-03-07 17:59:00
Design/Logic Flaw
2015-01-06 15:59:00
Cross site scripting
2017-03-07 17:59:00
cve
cve
CVE-2016-9724
2017-03-07 17:59:00
CVE-2016-9723
2017-03-07 17:59:00
CVE-2016-9727
2017-03-07 17:59:00
debiancve
debiancve
CVE-2014-9527
2015-01-06 15:59:00
CVE-2016-5385
2016-07-19 02:00:00
CVE-2014-3574
2014-09-04 17:55:00
impervablog
impervablog
Python and Go Top the Chart of 2019’s Most Popular Hacking Tools
2020-05-27 09:22:21
osv
osv
Loop with Unreachable Exit Condition in Apache POI
2022-05-17 03:00:44
HTTP Proxy header vulnerability
2022-04-07 13:59:22
CVE-2016-5387
2016-07-19 02:00:00
ubuntucve
ubuntucve
CVE-2014-9527
2015-01-06 00:00:00
CVE-2016-5385
2016-07-18 00:00:00
CVE-2014-3574
2014-09-04 00:00:00
github
github
Loop with Unreachable Exit Condition in Apache POI
2022-05-17 03:00:44
HTTP Proxy header vulnerability
2022-04-07 13:59:22
Improper Restriction of XML External Entity Reference in Apache POI
2022-05-17 01:24:40
redhatcve
redhatcve
CVE-2016-5385
2016-07-18 14:19:09
friendsofphp
friendsofphp
HTTP Proxy header vulnerability
2018-02-12 19:47:17
HTTP Proxy header vulnerability
2016-07-18 20:27:36
oraclelinux
oraclelinux
php security update
2016-08-11 00:00:00
httpd security and bug fix update
2016-07-18 00:00:00
php security and bug fix update
2016-08-11 00:00:00
typo3
typo3
Environment Variable Injection in extension "AWS SDK for PHP" (aws_sdk_php)
2018-08-09 00:00:00
Environment Variable Injection in extension "Amazon Web Services SDK " (aws_sdk)
2018-08-09 00:00:00
Environment Variable Injection
2016-07-19 00:00:00
centos
centos
php security update
2016-08-12 11:27:56
httpd, mod_ssl security update
2016-07-18 15:57:06
php security update
2016-08-11 21:20:11
debian
debian
[SECURITY] [DSA 3623-1] apache2 security update
2016-07-20 08:39:47
[SECURITY] [DSA 3623-1] apache2 security update
2016-07-20 08:39:47
[SECURITY] [DLA 553-1] apache2 security update
2016-07-20 11:30:29
archlinux
archlinux
drupal: proxy injection
2016-07-21 00:00:00
veracode
veracode
Open Redirection
2019-01-15 09:12:46
Open Redirection
2019-01-15 09:12:18
gitlab
gitlab
HTTP Proxy header vulnerability
2016-07-18 00:00:00
ubuntu
ubuntu
Apache HTTP Server vulnerability
2016-07-18 00:00:00
httpd
httpd
Apache Httpd < 2.2.32 : HTTP_PROXY environment variable "httpoxy" mitigation
2016-07-02 00:00:00
amazon
amazon
Important: httpd24, httpd
2016-07-20 18:00:00
alpinelinux
alpinelinux
CVE-2016-5387
2016-07-19 02:00:00
f5
f5
K73071205 : PHP vulnerability CVE-2016-5385
2016-07-26 00:00:00
Apache HTTPD vulnerability CVE-2016-5387
2016-08-02 21:36:00
SOL80513384 - Apache HTTPD vulnerability CVE-2016-5387
2016-08-02 00:00:00

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

JSON
Related for 03B6C658330D9ED7D3D5C516018194DBD42F5AA0466A1BAFC87309A8A438D756
ibm27fedora14openvas31redhat13nessus38mageia4cloudfoundry1checkpoint_advisories1cert1threatpost1prion13cve12debiancve4impervablog1osv3ubuntucve4github4redhatcve1friendsofphp2oraclelinux3typo34centos3debian3archlinux1veracode2gitlab1ubuntu1httpd1amazon1alpinelinux1f53