Published: May 15, 2024, 8:36 a.m.

Security Bulletin: IBM QRadar SIEM protocols are vulnerable to information exposure and denial of service (CVE-2023-31582, CVE-2023-51775)

Source: www.ibm.com

CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score: 7.6 High (Confidence: High)

EPSS: 0.0005 Low (Percentile: 17.9%)

Summary

The Jose4j library is vulnerable to a denial of service, caused by improper input validation. It could also allow a remote attacker to obtain sensitive information using cryptographic attacks.

Vulnerability Details

CVEID: CVE-2023-31582
**DESCRIPTION:** Jose4J could allow a remote attacker to obtain sensitive information, caused by allowing a low iteration count of 1000 or less. By using cryptographic attack techniques, an attacker could exploit this vulnerability to obtain hashed password values and use this information to launch further attacks against the affected system.
CVSS Base score: 5.9
CVSS Temporal Score: see https://exchange.xforce.ibmcloud.com/vulnerabilities/269733 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2023-51775
**DESCRIPTION:** jose4j is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted p2c value, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: see https://exchange.xforce.ibmcloud.com/vulnerabilities/275907 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**IBM X-Force ID:** 254437
**DESCRIPTION:** Jose4J could allow a remote attacker to obtain sensitive information, caused by a chosen ciphertext attack in RSA1_5. By using cryptographic attack techniques, an attacker could exploit this vulnerability to decrypt RSA1_5 or RSA_OAEP encrypted ciphertexts.
CVSS Base score: 5.3
CVSS Temporal Score: see https://exchange.xforce.ibmcloud.com/vulnerabilities/254437 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

**IBM X-Force ID:** 186425
**DESCRIPTION:** The jose.4.j library could allow a remote attacker to obtain sensitive information, caused by an Elliptic Curve Key Disclosure if the JWK's Header Parameter includes the public key. An attacker could generate a private key/public key pair and send the public key together with the signature, resulting in the invalidation of the signature.
CVSS Base score: 8.7
CVSS Temporal Score: see https://exchange.xforce.ibmcloud.com/vulnerabilities/186425 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N)
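The four descriptions above share one defensive theme: a JOSE consumer should police the protected header before doing any cryptographic work on it. The following is an added example, not code from the IBM bulletin or the jose4j project; it applies a header policy covering a tiny or unbounded PBES2 p2c count, the RSA1_5 algorithm, and a verification key carried by the token itself. The 1000 floor is the bulletin's figure; the p2c ceiling, the algorithm allowlist and the sample headers are assumptions constructed for this example.

```python
# Added example: protected-header policy check for compact JWS/JWE tokens,
# run before key derivation, decryption or signature verification.
import base64
import json

# Policy values: the 1000 floor comes from the bulletin; the ceiling and
# the algorithm allowlist are assumptions chosen for this example.
MIN_P2C = 1001           # iteration counts of 1000 or less are rejected
MAX_P2C = 1_000_000      # cap so a crafted p2c cannot pin the CPU
ALLOWED_ALGS = {"RS256", "ES256", "PS256",
                "RSA-OAEP-256", "PBES2-HS256+A128KW"}   # RSA1_5 is absent
FORBIDDEN_HEADER_KEYS = {"jwk", "jku"}   # never take the key from the token


def b64url_decode(segment: str) -> bytes:
    """Decode unpadded base64url as used in compact JOSE serialization."""
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment)


def check_protected_header(token: str) -> list:
    """Return the policy violations found in the token's protected header.

    An empty list means the header passes; any entry means the token
    should be rejected before cryptographic work is spent on it.
    """
    problems = []
    try:
        header = json.loads(b64url_decode(token.split(".", 1)[0]))
    except ValueError:            # binascii.Error and JSONDecodeError
        return ["protected header is not valid base64url JSON"]
    alg = header.get("alg")
    if alg not in ALLOWED_ALGS:
        problems.append(f"alg {alg!r} not in allowlist")
    if isinstance(alg, str) and alg.startswith("PBES2"):
        p2c = header.get("p2c")
        # bool is a subclass of int, so exclude it explicitly
        if not isinstance(p2c, int) or isinstance(p2c, bool):
            problems.append("p2c missing or not an integer")
        elif p2c < MIN_P2C:
            problems.append(f"p2c {p2c} too low (1000 or less)")
        elif p2c > MAX_P2C:
            problems.append(f"p2c {p2c} exceeds ceiling {MAX_P2C}")
    for key in sorted(FORBIDDEN_HEADER_KEYS.intersection(header)):
        problems.append(f"header carries {key!r}; embedded keys are not trusted")
    return problems


def make_token(header: dict) -> str:
    """Build a compact token from a constructed header plus dummy segments."""
    raw = json.dumps(header, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode() + ".eA.c2ln"
```

Rejecting on `p2c` bounds and on `jwk`/`jku` costs a JSON parse, so it is cheap to run on every inbound token and can be logged as a policy-violation event.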

Affected Products and Versions

Affected Product(s)    Version(s)
IBM QRadar SIEM        7.5 - 7.5.0 UP8

Remediation/Fixes

Product            Version    Fix
IBM QRadar SIEM    7.5.0      7.5.0 QRadar Protocol BoxRESTAPI
IBM QRadar SIEM    7.5.0      7.5.0 QRadar Protocol UniversalCloudRESTAPI
IBM QRadar SIEM    7.5.0      7.5.0 QRadar Protocol SeculertProtectionRESTA

Workarounds and Mitigations

Please be aware that these updates are available via Auto Update if you have it enabled.

