Lucene search

K
ibmIBM32C7366BF60AD0A0414388FADDC398AE2C222E692560B44546E29585DCB69B7E
HistoryJul 30, 2021 - 5:04 a.m.

Security Bulletin: IBM QRadar Network Packet Capture is vulnerable to using components with known vulnerabilities

2021-07-3005:04:09
www.ibm.com
17

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.214 Low

EPSS

Percentile

95.7%

Summary

The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools.

Vulnerability Details

CVEID:CVE-2021-25215
**DESCRIPTION:**ISC BIND is vulnerable to a denial of service, caused by an assertion failure while answering queries for DNAME records. By sending a query for DNAME records, an attacker could exploit this vulnerability to trigger a failed assertion check and terminate the named process.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/200960 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2020-25648
**DESCRIPTION:**Mozilla Network Security Services (NSS), as used in Mozilla Firefox is vulnerable to a denial of service, caused by improper handling of CCS (ChangeCipherSpec) messages in TLS. By sending specially-crafted CCS messages, a remote attacker could exploit this vulnerability to cause the system to crash.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/190416 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2020-25692
**DESCRIPTION:**OpenLDAP is vulnerable to a denial of service, caused by a NULL pointer dereference. By sending a specially crafted TCP packet, a remote attacker could exploit this vulnerability to cause slapd to crash.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/191968 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2020-8625
**DESCRIPTION:**ISC BIND is vulnerable to a buffer overflow, caused by improper bounds checking by the SPNEGO implementation. By setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credentialconfiguration options, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the named process to crash.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/196959 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2021-27363
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by a kernel pointer leak when show_transport_handle function in drivers/scsi/scsi_transport_iscsi.c is called. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain the address of the iscsi_transport structure information, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/197857 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

CVEID:CVE-2021-27364
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to execute arbitrary commands on the system, caused by a flaw in the iscsi_if_recv_msg function in drivers/scsi/scsi_transport_iscsi.c. By sending specially-crafted Netlink messages, an attacker could exploit this vulnerability to connect to the iscsi NETLINK socket and send arbitrary commands to the kernel.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/197858 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2021-27365
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by an issue when certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. By sending a specially-crafted Netlink message, an attacker could exploit this vulnerability to obtain memory information, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/197859 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

IBM QRadar Network Packet Capture 7.3.0 - 7.3.3 Patch 6

IBM QRadar Network Packet Capture 7.4.0 - 7.4.3 GA

Remediation/Fixes

IBM QRadar Network Packet Capture 7.3.3 Patch 7

IBM QRadar Network Packet Capture 7.4.3 Patch 1

Workarounds and Mitigations

None

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.214 Low

EPSS

Percentile

95.7%