logo
DATABASE RESOURCES PRICING ABOUT US

Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Description

## Summary The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. ## Vulnerability Details ** CVEID: **[CVE-2020-7226](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7226>) ** DESCRIPTION: **Cryptacular is vulnerable to a denial of service, caused by an excessive memory allocation during a decode operation in CiphertextHeader.java. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause the application to crash. CVSS Base score: 5.3 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/175399](<https://exchange.xforce.ibmcloud.com/vulnerabilities/175399>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) ** CVEID: **[CVE-2021-29425](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29425>) ** DESCRIPTION: **Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by improper input validation by the FileNameUtils.normalize method. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. CVSS Base score: 7.5 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199852](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199852>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) ** CVEID: **[CVE-2021-28165](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28165>) ** DESCRIPTION: **Eclipse Jetty is vulnerable to a denial of service, caused by improper input valistion. By sending a specially-crafted TLS frame, a remote attacker could exploit this vulnerability to cause CPU resources to reach to 100% usage. CVSS Base score: 7.5 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199305](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199305>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) ** CVEID: **[CVE-2021-28169](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28169>) ** DESCRIPTION: **Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw in the ConcatServlet. By sending a specially-crafted request using a doubly encoded path, an attacker could exploit this vulnerability to obtain sensitive information from protected resources within the WEB-INF directory, and use this information to launch further attacks against the affected system. CVSS Base score: 5.3 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203492](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203492>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) ** CVEID: **[CVE-2021-28163](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28163>) ** DESCRIPTION: **Eclipse Jetty could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw when the ${jetty.base} directory or the ${jetty.base}/webapps directory is a symlink. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain webapp directory contents information, and use this information to launch further attacks against the affected system. CVSS Base score: 2.7 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199303](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199303>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N) ** CVEID: **[CVE-2021-22696](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22696>) ** DESCRIPTION: **Apache CXF is vulnerable to a denial of service, caused by improper validation of request_uri parameter by the OAuth 2 authorization service. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition on the authorization server. CVSS Base score: 7.5 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199335](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199335>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) ** CVEID: **[CVE-2020-13954](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13954>) ** DESCRIPTION: **Apache CXF is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the services listing page. A remote attacker could exploit this vulnerability using the styleSheetPath in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. CVSS Base score: 6.1 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/191650](<https://exchange.xforce.ibmcloud.com/vulnerabilities/191650>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) ** CVEID: **[CVE-2018-8029](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8029>) ** DESCRIPTION: **Apache Hadoop could allow a remote authenticated attacker to gain elevated privileges on the system. An attacker could exploit this vulnerability to run arbitrary commands as root user. CVSS Base score: 8.8 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/161812](<https://exchange.xforce.ibmcloud.com/vulnerabilities/161812>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) ** CVEID: **[CVE-2020-9492](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9492>) ** DESCRIPTION: **Apache Hadoop could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper validation of SPNEGO authorization header. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges to trigger services to send server credentials to a webhdfs path for capturing the service principal. CVSS Base score: 8.8 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195656](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195656>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) ** CVEID: **[CVE-2018-11768](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11768>) ** DESCRIPTION: **Apache Hadoop is vulnerable to a denial of service, caused by a mismatch in the size of the fields used to store user/group information between memory and disk representation. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the user/group information to be corrupted across storing in fsimage and reading back from fsimage. CVSS Base score: 7.5 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168305](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168305>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) ** CVEID: **[CVE-2017-15713](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15713>) ** DESCRIPTION: **Apache Hadoop could allow a remote authenticated attacker to obtain sensitive information. By using a specially-crafted file, a remote attacker could exploit this vulnerability to expose private files. CVSS Base score: 4.3 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/138064](<https://exchange.xforce.ibmcloud.com/vulnerabilities/138064>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) ** CVEID: **[CVE-2018-18751](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18751>) ** DESCRIPTION: **GNU gettext is vulnerable to a denial of service, caused by a double free flaw in the default_add_message function in read-catalog.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. CVSS Base score: 3.3 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/152105](<https://exchange.xforce.ibmcloud.com/vulnerabilities/152105>) for the current score. CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) ** CVEID: **[CVE-2019-9924](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9924>) ** DESCRIPTION: **Bash could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by the failure to prevent the shell user from modifying BASH_CMDS in the rbash. By modifying BASH_CMDS, an attacker could exploit this vulnerability to execute arbitrary commands on the system with the permissions of the shell. CVSS Base score: 8.8 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/158906](<https://exchange.xforce.ibmcloud.com/vulnerabilities/158906>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) ** CVEID: **[CVE-2021-3715](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3715>) ** DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free in route4_change() in net/sched/cls_route.c. By sending a specially-crafted request, an attacker could exploit this vulnerability to escalate privileges. CVSS Base score: 7.8 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208836](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208836>) for the current score. CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) ** CVEID: **[CVE-2020-27777](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27777>) ** DESCRIPTION: **Linux Kernel for PowerPC could allow a local authenticated attacker to bypass security restrictions, caused by a flaw with the Run-Time Abstraction Services (RTAS) interface. By sending a specially-crafted request, an attacker could exploit this vulnerability to overwrite some parts of memory, including kernel memory. CVSS Base score: 6.8 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192283](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192283>) for the current score. CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) ** CVEID: **[CVE-2021-22555](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22555>) ** DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a heap out-of-bounds write flaw in net/netfilter/x_tables.c. By sending a specially-crafted request through user name space, an authenticated attacker could exploit this vulnerability to gain elevated privileges or cause a denial of service condition. CVSS Base score: 7.8 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/204997](<https://exchange.xforce.ibmcloud.com/vulnerabilities/204997>) for the current score. CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) ** CVEID: **[CVE-2021-29154](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29154>) ** DESCRIPTION: **Linux Kernel could allow a could allow a local authenticated attacker to gain elevated privileges on the system, caused by an issue with incorrect computation of branch displacements in BPF JIT compiler. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges, and execute arbitrary code in the Kernel mode. CVSS Base score: 7.8 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199609](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199609>) for the current score. CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) ** CVEID: **[CVE-2021-29650](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29650>) ** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by the lack of a full memory barrier upon the assignment of a new table value in the netfilter subsystem. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause the system to crash. CVSS Base score: 6.2 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/199201](<https://exchange.xforce.ibmcloud.com/vulnerabilities/199201>) for the current score. CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) ** CVEID: **[CVE-2021-32399](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32399>) ** DESCRIPTION: **Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a race condition in the BlueTooth subsystem. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to execute arbitrary code with elevated privileges. CVSS Base score: 7.8 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/201653](<https://exchange.xforce.ibmcloud.com/vulnerabilities/201653>) for the current score. CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) ## Affected Products and Versions IBM QRadar SIEM 7.3.0 to 7.3.3 Fix Pack 9 IBM QRadar SIEM 7.4.0 to 7.4.3 Fix Pack 2 ## Remediation/Fixes [QRadar / QRM / QVM / QRIF / QNI 7.3.3 Fix Pack 10](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.4.0&platform=Linux&function=fixId&fixids=7.3.3-QRADAR-QRSIEM-20211125190208&includeRequisites=1&includeSupersedes=0&downloadMethod=http&source=SAR> "QRadar / QRM / QVM / QRIF / QNI 7.3.3 Fix Pack 10" ) QRadar / QRM / QVM / QRIF / QNI 7.4.3 Fix Pack 3 [QRadar / QRM / QVM / QRIF / QNI 7.4.3 Fix Pack 4](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.4.0&platform=Linux&function=fixId&fixids=7.4.3-QRADAR-QRSIEM-20211113154131&includeRequisites=1&includeSupersedes=0&downloadMethod=http> "QRadar / QRM / QVM / QRIF / QNI 7.4.3 Fix Pack 4" ) **Note**: Version 7.4.3 Fix Pack 3 is only available to QRadar on Cloud users. QRadar 7.4.3 Fix Pack 3 [was removed for on-premise QRadar SIEM users](<https://www.ibm.com/support/pages/node/6509562>). ## Workarounds and Mitigations None ## Get Notified about Future Security Bulletins Subscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this. ### References [Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> "Link resides outside of ibm.com" ) [On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> "Link resides outside of ibm.com" ) Off ## Related Information [IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) [IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>) ## Acknowledgement ## Change History 26 Nov 2021: Initial Publication *The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin. ## Disclaimer Review the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment. ## Document Location Worldwide [{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM QRadar SIEM"},"Component":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.3, 7.4","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]


Affected Software


CPE Name Name Version
ibm qradar siem 7.3
ibm qradar siem 7.4

Related