Sep 30, 2021 - 3:02 p.m.

Security Bulletin: IBM QRadar Azure marketplace images include Open Management Infrastructure RPM, which is vulnerable to Remote Code Execution (CVE-2021-38647)

2021-09-30 15:02:10
www.ibm.com

CVSS3: 9.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.5 High

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.975 High
Percentile: 100.0%

Summary

IBM QRadar Azure marketplace images include the Open Management Infrastructure RPM, which is vulnerable to CVE-2021-38647. Although we do not expose the affected port, we suggest updating out of an abundance of caution.

Vulnerability Details

**CVEID:** CVE-2021-38647
**DESCRIPTION:** Microsoft Azure Open Management Infrastructure could allow a remote attacker to execute arbitrary code on the system. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/208548 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

IBM QRadar Azure marketplace images 7.3.0 to 7.3.3 Patch 9

IBM QRadar Azure marketplace images 7.4.0 to 7.4.3 Patch 2

Remediation/Fixes

1. Check your current version of OMI to see if you are affected. All versions of OMI below v1.6.8-1 are affected.
   To do this, run the following command:
   yum list all | grep omi
   
2. Add the Microsoft Software Repository for the RHEL 7 Linux platform:
   sudo yum localinstall https://packages.microsoft.com/config/rhel/7/packages-microsoft-prod.rpm
   
3. Run the yum update command for OMI:
   sudo yum update omi
   
4. Disable the Microsoft Software Repository after updating the RPM:
   sudo sed -i 's/^enabled=1/enabled=0/' /etc/yum.repos.d/microsoft-prod.repo
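
The version check in step 1 can be scripted so it can be run before and after the update. The following is an added example, not part of the IBM bulletin: it reads `yum list` output, picks only the package named exactly `omi` (a plain `grep omi` also matches unrelated names such as `libatomic`), and compares its version to the v1.6.8-1 threshold from step 1. The function names and the sample input are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the bulletin): classify the installed OMI package
# against the threshold in step 1. Relies on GNU `sort -V` for version ordering.

FIXED_OMI="1.6.8-1"   # per the bulletin: versions below this are affected

# Read `yum list` style lines on stdin and print the version-release of the
# package named exactly "omi" (any arch). Prints nothing if it is absent.
omi_version_from_yum() {
    awk '$1 ~ /^omi\.[^.]+$/ { sub(/^[0-9]+:/, "", $2); print $2; exit }'
}

# Return 0 when version-release $1 sorts strictly below FIXED_OMI.
# A leading "v" (as written in the bulletin) is tolerated.
omi_is_affected() {
    [ "${1#v}" != "$FIXED_OMI" ] &&
    [ "$(printf '%s\n%s\n' "${1#v}" "$FIXED_OMI" | sort -V | head -n1)" = "${1#v}" ]
}

# Read `yum list` output on stdin and print one of:
#   NOT-INSTALLED | AFFECTED <version> | OK <version>
omi_status() {
    omi_found="$(omi_version_from_yum)"
    if [ -z "$omi_found" ]; then
        echo "NOT-INSTALLED"
    elif omi_is_affected "$omi_found"; then
        echo "AFFECTED $omi_found"
    else
        echo "OK $omi_found"
    fi
}

# Constructed sample input (not captured from a real system). The first line
# shows a package that `grep omi` would match but that is not OMI.
sample_yum_output() {
    cat <<'EOF'
libatomic.x86_64      4.8.5-44.el7     @anaconda
omi.x86_64            1.6.4-0          installed
EOF
}

# Demonstration on the constructed sample.
sample_yum_output | omi_status
```

On a QRadar host, pipe the real listing into the function instead of the sample: `yum list installed | omi_status`.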

Workarounds and Mitigations

None

CPE

Name              Operator   Version
ibm qradar siem   eq         7.3
ibm qradar siem   eq         7.4
