Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary

The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools.

Vulnerability Details

CVEID:CVE-2019-20386
**DESCRIPTION:**systemd is vulnerable to a denial of service, caused by a memory leak in the button_open function in login/logind-button.c. By executing the udevadm trigger command, a local attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/175507 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2019-19126
**DESCRIPTION:**GNU C Library could allow a local attacker to bypass security restrictions, caused by failing to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution. An attacker could exploit this vulnerability to bypass ASLR for a setuid program.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/172003 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:CVE-2020-10754
**DESCRIPTION:**NetworkManager could allow a remote authenticated attacker to bypass security restrictions, caused by improper configuration in the nmcli. By connecting to a network, an attacker could exploit this vulnerability to bypass authentication.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/184636 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)

CVEID:CVE-2018-20843
**DESCRIPTION:**libexpat is vulnerable to a denial of service, caused by an error in the XML parser. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to consume all available CPU resources.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/163073 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID:CVE-2019-15903
**DESCRIPTION:**libexpat is vulnerable to a denial of service, caused by a heap-based buffer over-read in XML_GetCurrentLineNumber. By using a specially-crafted XML input, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/166560 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2019-14866
**DESCRIPTION:**GNU cpio could allow a local authenticated attacker to gain elevated privileges on the system, caused by the failure to properly validate input files when generating TAR archives. An attacker could exploit this vulnerability to inject any tar content and compromise the system.
CVSS Base score: 6.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/171509 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H)

CVEID:CVE-2019-12450
**DESCRIPTION:**GNOME GLib could allow a remote attacker to bypass security restrictions, caused by improper permission control in the file_copy_fallback in gio/gfile.c. An attacker could exploit this vulnerability to bypass access restrictions.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/161792 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:CVE-2019-14822
**DESCRIPTION:**IBus could allow a local authenticated attacker to bypass security restrictions, caused by improper authorization validation. By sending a specially-crafted request, an attacker could exploit this vulnerability to monitor and send method calls to the ibus bus of another user.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/167063 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)

CVEID:CVE-2019-5482
**DESCRIPTION:**cURL libcurl is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the tftp_receive_packet function. By sending specially-crafted request containing an OACK without the BLKSIZE option, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base score: 6.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/166942 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1

IBM QRadar SIEM 7.4.0 to 7.4.1 Patch 1

IBM QRadar SIEM 7.3.0 to 7.3.3 Patch 5

Remediation/Fixes

QRadar / QRM / QVM 7.4.2 Patch 2

QRadar / QRM / QVM 7.4.1 Patch 2

QRadar / QRM / QVM 7.3.3 Patch 7

QRadar incident forensics please use the SFS below

QRadar Incident Forensics / QNI 7.4.2 Patch 2

QRadar Incident Forensics / QNI 7.4.1 Patch 2

QRadar Incident Forensics / QNI 7.3.3 Patch 7

Workarounds and Mitigations

None