Security Bulletin: IBM QRadar Network Security is affected by Wget vulnerability (CVE-2021-31879)

Summary

IBM QRadar Network Security includes wget, which fails to omit the Authorization header during a redirect, possibly allowing an attacker to bypass access restrictions. IBM QRadar Network Security took measures to suppress redirects in wget, avoiding the issue.

Vulnerability Details

CVEID:CVE-2021-31879
**DESCRIPTION:**GNU Wget could allow a remote attacker to bypass security restrictions, caused by the failure to omit the Authorization header upon a redirect to a different origin. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass access restrictions.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201069 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

IBM QRadar Network Security 5.4.0

IBM QRadar Network Security 5.5.0

Remediation/Fixes

Product |

VRMF

|

Remediation/First Fix

—|—|—

IBM QRadar Network Security

|

5.4.0

|

Install Firmware 5.4.0.15 from the Available Updates page of the Local Management Interface, or by performing a One Time Scheduled Installation from SiteProtector.
Or
Download Firmware 5.4.0.15 from IBM Security License Key and Download Center and upload and install via the Available Updates page of the Local Management Interface.

IBM QRadar Network Security

|

5.5.0

|

Install Firmware 5.5.0.10 from the Available Updates page of the Local Management Interface, or by performing a One Time Scheduled Installation from SiteProtector.
Or
Download Firmware 5.5.0.10 from IBM Security License Key and Download Center and upload and install via the Available Updates page of the Local Management Interface.

Workarounds and Mitigations

None