Security Bulletin: IBM QRadar SIEM is vulnerable to denial of service attack due to CVE-2021-39041

2022-07-11 20:34:33
www.ibm.com

CVSS2: 5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3: 5.3 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: LOW
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS: 0.001 Low
Percentile: 33.7%

Summary

The Common and TCPMultilineSyslog protocol components as used by IBM QRadar SIEM contain vulnerabilities which may allow for denial of service attacks. IBM has addressed the relevant CVE.

Vulnerability Details

CVEID: CVE-2021-39041
**DESCRIPTION:** IBM QRadar SIEM may be vulnerable to a partial denial of service attack, resulting in some protocols not listening on their specified ports.
CVSS Base score: 3.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/214028 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Product(s)|Version(s)
—|—
IBM QRadar SIEM v7.3| All PROTOCOL-Common versions before PROTOCOL-Common-7.3-20220608132603
IBM QRadar SIEM v7.3| All PROTOCOL-TCPMultilineSyslog versions before PROTOCOL-TCPMultilineSyslog-7.3-20220531145432
IBM QRadar SIEM v7.4| All PROTOCOL-Common versions before PROTOCOL-Common-7.4-20220608234024
IBM QRadar SIEM v7.4| All PROTOCOL-TCPMultilineSyslog versions before PROTOCOL-TCPMultilineSyslog-7.4-20220531145346
IBM QRadar SIEM v7.5| All PROTOCOL-Common versions before PROTOCOL-Common-7.5-20220608234038
IBM QRadar SIEM v7.5| All PROTOCOL-TCPMultilineSyslog versions before PROTOCOL-TCPMultilineSyslog-7.5-20220531145302

Remediation/Fixes

IBM encourages customers to update their systems promptly.

See the Related Information section below for instructions on verifying your currently installed version.

Product|Versions|Fix
—|—|—
IBM QRadar SIEM| 7.3| PROTOCOL-Common-7.3-20220608132603
IBM QRadar SIEM| 7.3| PROTOCOL-TCPMultilineSyslog-7.3-20220531145432
IBM QRadar SIEM| 7.4| PROTOCOL-Common-7.4-20220608234024
IBM QRadar SIEM| 7.4| PROTOCOL-TCPMultilineSyslog-7.4-20220531145346
IBM QRadar SIEM| 7.5| PROTOCOL-Common-7.5-20220608234038
IBM QRadar SIEM| 7.5| PROTOCOL-TCPMultilineSyslog-7.5-20220531145302
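
As an added example (not part of the bulletin and not IBM tooling), the following Python compares installed protocol package names against the fixed builds listed above and reports which ones still need the update. It assumes package names have the form <component>-<release>-<14-digit build> with an optional suffix such as .noarch, and that "before" means a lower build stamp within the same release line; the SAMPLE inventory is constructed.

```python
import re

# Fixed builds copied from the bulletin's Remediation/Fixes table.
FIXED_BUILDS = {
    ("PROTOCOL-Common", "7.3"): "20220608132603",
    ("PROTOCOL-Common", "7.4"): "20220608234024",
    ("PROTOCOL-Common", "7.5"): "20220608234038",
    ("PROTOCOL-TCPMultilineSyslog", "7.3"): "20220531145432",
    ("PROTOCOL-TCPMultilineSyslog", "7.4"): "20220531145346",
    ("PROTOCOL-TCPMultilineSyslog", "7.5"): "20220531145302",
}

# Assumed name shape: <component>-<release>-<14-digit build>[.arch][.rpm]
PKG_RE = re.compile(r"^(PROTOCOL-[A-Za-z0-9]+)-(\d+\.\d+)-(\d{14})(?:\.\w+)*$")

# Constructed sample inventory (not real output from any system).
SAMPLE = [
    "PROTOCOL-Common-7.4-20220608234024.noarch",
    "PROTOCOL-TCPMultilineSyslog-7.4-20211103150000.noarch",
    "PROTOCOL-Common-7.3-20210901120000.noarch",
    "PROTOCOL-TCPMultilineSyslog-7.5-20220531145302.noarch",
    "PROTOCOL-JDBC-7.4-20220101000000.noarch",
]

def classify(package):
    """Return (status, fixed_package_or_None) for one package string."""
    m = PKG_RE.match(package.strip())
    if not m:
        return ("unparsed", None)
    component, release, build = m.groups()
    fixed = FIXED_BUILDS.get((component, release))
    if fixed is None:
        return ("not-covered", None)  # component/release not in the bulletin
    # Fixed-width YYYYMMDDhhmmss stamps: string order equals time order.
    if build < fixed:
        return ("vulnerable", f"{component}-{release}-{fixed}")
    return ("fixed", None)

def vulnerable_packages(lines):
    """Map each package that predates its fixed build to the fix to install."""
    found = {}
    for line in lines:
        status, fix = classify(line)
        if status == "vulnerable":
            found[line.strip()] = fix
    return found

if __name__ == "__main__":
    for pkg, fix in vulnerable_packages(SAMPLE).items():
        print(f"{pkg}: update to {fix}")
```
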

Workarounds and Mitigations

None

Affected configurations

Vulners node: ibm qradar_pulse Match 7.3 OR ibm qradar_pulse Match 7.4 OR ibm qradar_pulse Match 7.5 OR ibm qradar_pulse Match 7.4.0 OR ibm qradar_pulse Match 7.5.0
