Security Bulletin: IBM QRadar SIEM is vulnerable to side channel attack with Intel CPUs (CVE-2019-11135)

Summary

IBM QRadar SIEM when using Intel CPUs could allow a local authenticated attacker to obtain sensitive information

Vulnerability Details

CVEID:CVE-2019-11135
**DESCRIPTION:**Multiple Intel CPUs could allow a local authenticated attacker to obtain sensitive information, caused by a TSX Asynchronous Abort condition. By using side channel attacks, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/175029 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)

Affected Products and Versions

· IBM QRadar 7.3.0 to 7.3.3 Patch 1

Remediation/Fixes

· QRadar / QRM / QVM / QNI 7.4.0 GA (SFS)
· QRadar / QRM / QVM / QRIF / QNI 7.3.3 Patch 2 (SFS)
· QRadar / QRM / QVM / QRIF / QNI 7.3.2 Patch 7(SFS)
· QRadar Incident Forensics 7.4.0 (ISO)
· QRadar Incident Forensics 7.4.0 (SFS)

NOTE: Administrators with QRadar Incident Forensics should be aware that a new ISO and SFS file are published to IBM Fix Central for QRadar Incident Forensics 7.4.0 versions

Workarounds and Mitigations

None