Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM532726FECC3B1D24D191D2502D19E229E8A42F481E2D82243939EB0E63D6C934
HistoryOct 20, 2021 - 7:08 p.m.

Security Bulletin: IBM QRadar Advisor With Watson uses components with known vulnerabilities (CVE-2020-36242, CVE-2021-33503, CVE-2020-28493)

2021-10-2019:08:49
www.ibm.com
11

0.008 Low

EPSS

Percentile

82.3%

JSON

Summary

The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. This update addresses these vulnerabilities.

Vulnerability Details

CVEID:CVE-2020-36242
**DESCRIPTION:**Cryptography could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow and a buffer overflow. By using certain sequences of update calls to symmetrically encrypt multi-GB values, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
CVSS Base score: 9.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/196426 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H)

CVEID:CVE-2021-33503
**DESCRIPTION:**urllib3 is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw due to catastrophic backtracking. By sending a specially-crafted URL request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/203109 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2020-28493
**DESCRIPTION:**Pallets jinja2 is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the email regex. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/195894 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
Qradar Advisor QRadar Advisor 2.5 - QRadar Advisor 2.6.1

Remediation/Fixes

Update to IBM QRadar Advisor with Watson 2.6.2

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm qradar siemeq7.4

Related

nessus 56
alpinelinux 2
osv 15
openvas 41
fedora 5
debiancve 3
veracode 3
cbl_mariner 4
cve 3
photon 9
ubuntucve 3
gitlab 1
rocky 2
redhat 4
ubuntu 3
redhatcve 3
nvd 3
ibm 10
prion 3
redos 2
archlinux 4
suse 2
mageia 3
gentoo 2
github 3
cvelist 3
amazon 1
almalinux 2
f5 1
hackerone 1
oraclelinux 2
nessus
nessus
SUSE SLES15 Security Update : python-cryptography (SUSE-SU-2021:0696-1)
2021-03-04 00:00:00
Photon OS 2.0: Python PHSA-2021-2.0-0347
2021-05-21 00:00:00
Photon OS 4.0: Python3 PHSA-2021-4.0-0027
2021-05-21 00:00:00
alpinelinux
alpinelinux
CVE-2020-36242
2021-02-07 20:15:12
CVE-2020-28493
2021-02-01 20:15:12
osv
osv
CVE-2020-36242
2021-02-07 20:15:12
PyCA Cryptography symmetrically encrypting large values can lead to integer overflow
2021-02-10 01:32:27
PYSEC-2021-63
2021-02-07 20:15:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2021:0696-1)
2021-04-19 00:00:00
Huawei EulerOS: Security Advisory for python-cryptography (EulerOS-SA-2021-2178)
2021-07-13 00:00:00
Huawei EulerOS: Security Advisory for python-cryptography (EulerOS-SA-2021-2278)
2021-08-09 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: python-cryptography-3.2.1-2.fc33
2021-02-12 01:44:24
[SECURITY] Fedora 33 Update: mingw-python-jinja2-2.11.3-1.fc33
2021-03-15 01:19:56
[SECURITY] Fedora 34 Update: mingw-python-urllib3-1.25.10-3.fc34
2021-06-19 01:09:27
debiancve
debiancve
CVE-2020-36242
2021-02-07 20:15:12
CVE-2020-28493
2021-02-01 20:15:12
CVE-2021-33503
2021-06-29 11:15:07
veracode
veracode
Denial Of Service (DoS)
2021-02-08 06:02:38
Regular Expression Denial Of Service (ReDoS)
2021-02-02 01:28:40
Denial Of Service (DoS)
2021-06-02 08:30:01
cbl_mariner
cbl_mariner
CVE-2020-36242 affecting package python-cryptography 2.3.1-4
2021-03-03 03:44:07
CVE-2021-33503 affecting package python-urllib3 1.25.9-2
2021-08-11 06:39:25
CVE-2021-33503 affecting package python-urllib3 for versions less than 1.25.9-3
2022-04-09 06:51:50
cve
cve
CVE-2020-36242
2021-02-07 20:15:12
CVE-2020-28493
2021-02-01 20:15:12
CVE-2021-33503
2021-06-29 11:15:07
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-1.0-0400
2021-06-08 00:00:00
Important Photon OS Security Update - PHSA-2021-0266
2021-07-12 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-2.0-0347
2021-05-19 00:00:00
ubuntucve
ubuntucve
CVE-2020-28493
2021-02-01 00:00:00
CVE-2020-36242
2021-02-07 00:00:00
CVE-2021-33503
2021-06-29 00:00:00
gitlab
gitlab
Regular Expression Denial of Service
2021-02-01 00:00:00
rocky
rocky
python-jinja2 security update
2021-11-09 08:26:43
python-cryptography security, bug fix, and enhancement update
2021-05-18 05:38:36
redhat
redhat
(RHSA-2021:4161) Moderate: python-jinja2 security update
2021-11-09 08:26:43
(RHSA-2021:3473) Moderate: Red Hat Automation Platform 1.2.5 security and bugfixes update
2021-09-08 19:16:20
(RHSA-2021:1608) Moderate: python-cryptography security, bug fix, and enhancement update
2021-05-18 05:38:36
ubuntu
ubuntu
Jinja2 vulnerability
2022-10-26 00:00:00
urllib3 vulnerability
2023-01-19 00:00:00
Jinja2 vulnerabilities
2024-01-25 00:00:00
redhatcve
redhatcve
CVE-2020-28493
2021-02-15 12:33:42
CVE-2021-33503
2021-06-06 01:54:37
CVE-2020-36242
2021-02-08 13:33:48
nvd
nvd
CVE-2020-28493
2021-02-01 20:15:12
CVE-2020-36242
2021-02-07 20:15:12
CVE-2021-33503
2021-06-29 11:15:07
ibm
ibm
Security Bulletin: IBM Security QRadar Network Threat Analytics uses component jinja2 with a denial of service vulnerability (CVE-2020-28493)
2022-09-16 15:41:17
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Python cryptography
2021-10-01 06:20:42
Security Bulletin: Vulnerability in Urllib3 affects IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore (CVE-2021-33503)
2021-09-01 09:12:49
prion
prion
Open redirect
2021-06-29 11:15:00
Integer overflow
2021-02-07 20:15:00
Design/Logic Flaw
2021-02-01 20:15:00
redos
redos
ROS-20220125-01
2022-01-25 00:00:00
ROS-20230620-06
2023-06-20 00:00:00
archlinux
archlinux
[ASA-202102-36] python-cryptography: incorrect calculation
2021-02-27 00:00:00
[ASA-202102-19] python-jinja: denial of service
2021-02-07 00:00:00
[ASA-202106-25] python-urllib3: denial of service
2021-06-09 00:00:00
suse
suse
Security update for python-cryptography (important)
2021-02-26 00:00:00
Security update for python-urllib3 (important)
2021-07-10 00:00:00
mageia
mageia
Updated python-cryptography package fixes a security vulnerability
2021-03-12 04:25:47
Updated python-jinja2 packages fix a security vulnerability
2021-04-12 22:59:59
Updated python-urllib3 package fixes security vulnerabilities
2021-07-27 23:21:53
gentoo
gentoo
Jinja: Denial of service
2021-07-08 00:00:00
urllib3: Multiple vulnerabilities
2021-07-15 00:00:00
github
github
Regular Expression Denial of Service (ReDoS) in Jinja2
2021-03-19 21:28:05
PyCA Cryptography symmetrically encrypting large values can lead to integer overflow
2021-02-10 01:32:27
Catastrophic backtracking in URL authority parser when passed URL containing many @ characters
2021-06-01 21:19:32
cvelist
cvelist
CVE-2020-36242
2021-02-07 19:50:57
CVE-2021-33503
2021-06-29 10:55:35
CVE-2020-28493 Regular Expression Denial of Service (ReDoS)
2021-02-01 00:00:00
amazon
amazon
Medium: python-urllib3
2021-07-14 20:40:00
almalinux
almalinux
Moderate: python-jinja2 security update
2021-11-09 08:26:43
Moderate: python-cryptography security, bug fix, and enhancement update
2021-05-18 05:38:36
f5
f5
K23456112 : Python urllib3 vulnerability CVE-2021-33503
2021-11-26 00:00:00
hackerone
hackerone
Internet Bug Bounty: Integer overflow in CipherUpdate
2021-02-27 21:14:37
oraclelinux
oraclelinux
python-cryptography security, bug fix, and enhancement update
2021-05-25 00:00:00
python38:3.8 and python38-devel:3.8 security update
2021-11-16 00:00:00

0.008 Low

EPSS

Percentile

82.3%

JSON
Related for 532726FECC3B1D24D191D2502D19E229E8A42F481E2D82243939EB0E63D6C934
nessus56alpinelinux2osv15openvas41fedora5debiancve3veracode3cbl_mariner4cve3photon9ubuntucve3gitlab1rocky2redhat4ubuntu3redhatcve3nvd3ibm10prion3redos2archlinux4suse2mageia3gentoo2github3cvelist3amazon1almalinux2f51hackerone1oraclelinux2