Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM385B2DF0FBC2FE1AC5ABED6366E19890F3040B24E8EA22549B0F84E10E91E6D7
HistoryJun 16, 2018 - 9:50 p.m.

Security Bulletin: Mozilla NSS as used in IBM QRadar SIEM is vulnerable to arbitrary code execution (CVE-2016-2834)

2018-06-1621:50:45
www.ibm.com
35

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

JSON

Summary

IBM QRadar SIEM includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools.

Vulnerability Details

CVEID: CVE-2016-2834**
DESCRIPTION:** Mozilla Network Security Services (NSS), as used in Mozilla Firefox, could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base Score: 8.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/113870&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

Affected Products and Versions

ยท IBM QRadar SIEM 7.2.n

Remediation/Fixes

โ€ข IBM QRadar/QRM/QVM/QRIF 7.2.8 Patch 4

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm security qradar siemeq7.2

Related

veracode 1
nessus 22
ubuntu 2
mozilla 1
osv 2
debiancve 1
freebsd 1
cve 1
openvas 22
f5 2
ubuntucve 1
prion 1
redhatcve 1
debian 2
redhat 1
ibm 12
symantec 1
centos 1
amazon 1
oraclelinux 1
suse 7
kaspersky 1
oracle 2
veracode
veracode
Denial Of Service
2019-01-15 09:14:44
nessus
nessus
Ubuntu 14.04 LTS / 16.04 LTS : NSS vulnerability (USN-3029-1)
2016-07-12 00:00:00
Debian DLA-527-1 : nss security update
2016-06-27 00:00:00
FreeBSD : NSS -- multiple vulnerabilities (32166082-53fa-41fa-b081-207e7a989a0a)
2016-06-08 00:00:00
ubuntu
ubuntu
NSS vulnerability
2016-07-11 00:00:00
Firefox vulnerabilities
2016-06-09 00:00:00
mozilla
mozilla
Network Security Services (NSS) vulnerabilities โ€” Mozilla
2016-06-07 00:00:00
osv
osv
nss - security update
2016-06-25 00:00:00
nss - security update
2016-10-05 00:00:00
debiancve
debiancve
CVE-2016-2834
2016-06-13 10:59:00
freebsd
freebsd
NSS -- multiple vulnerabilities
2016-06-07 00:00:00
cve
cve
CVE-2016-2834
2016-06-13 10:59:00
openvas
openvas
Ubuntu: Security Advisory (USN-3029-1)
2016-07-12 00:00:00
Oracle OpenSSO 'Web Agents' DOS Vulnerability
2017-08-01 00:00:00
Mozilla Firefox Security Advisory (MFSA2016-61) - Linux
2021-11-08 00:00:00
f5
f5
SOL15479471 - Mozilla NSS vulnerability CVE-2016-2834
2016-09-01 00:00:00
K15479471 : Mozilla NSS vulnerability CVE-2016-2834
2016-09-01 00:00:00
ubuntucve
ubuntucve
CVE-2016-2834
2016-06-08 00:00:00
prion
prion
Memory corruption
2016-06-13 10:59:00
redhatcve
redhatcve
CVE-2016-2834
2016-06-18 08:48:29
debian
debian
[SECURITY] [DLA 527-1] nss security update
2016-06-25 18:05:55
[SECURITY] [DSA 3688-1] nss security update
2016-10-05 20:20:43
redhat
redhat
(RHSA-2016:2779) Moderate: nss and nss-util security update
2016-11-16 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in Mozilla Network Security Services (NSS) affect IBM MQ Appliance (CVE-2016-2834, CVE-2016-5285, CVE-2016-8635)
2018-06-15 07:06:54
Security Bulletin: Vulnerabilities in Mozilla Network Security Services (NSS) affect PowerKVM
2018-06-18 01:34:46
Security Bulletin: Vulnerabilities in Mozilla NSS affect the IBM FlashSystem model V840
2018-06-18 00:32:47
symantec
symantec
SA137 : NSS Vulnerabilities
2016-12-20 08:00:00
centos
centos
nss security update
2016-11-19 11:17:02
amazon
amazon
Medium: nss-util, nss, nss-softokn
2016-12-15 00:32:00
oraclelinux
oraclelinux
nss and nss-util security update
2016-11-16 00:00:00
suse
suse
Security update for MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nspr, mozilla-nss (important)
2016-06-27 20:08:30
Security update for MozillaFirefox, MozillaFirefox-branding-SLE and mozilla-nss (important)
2016-07-14 15:08:10
Security update for MozillaFirefox, mozilla-nss (important)
2016-06-11 14:11:17
kaspersky
kaspersky
KLA10822 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR
2016-06-07 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - July 2017
2018-03-20 00:00:00
Oracle Critical Patch Update - October 2017
2017-10-17 00:00:00

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

JSON
Related for 385B2DF0FBC2FE1AC5ABED6366E19890F3040B24E8EA22549B0F84E10E91E6D7
veracode1nessus22ubuntu2mozilla1osv2debiancve1freebsd1cve1openvas22f52ubuntucve1prion1redhatcve1debian2redhat1ibm12symantec1centos1amazon1oraclelinux1suse7kaspersky1oracle2