IBM Security SOAR is using a version of Elasticsearch that has known vulnerabilities. A recent update has addressed these issues.
CVEID:CVE-2021-22137
**DESCRIPTION:**Elasticsearch could allow a remote authenticated attacker to obtain sensitive information, caused by an error when using Document or Field Level Security. By executing certain cross-cluster search queries, an attacker could exploit this vulnerability to discover the existence of documents, and use this information to launch further attacks against the affected system.
CVSS Base score: 2.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201915 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N)
CVEID:CVE-2021-22135
**DESCRIPTION:**Elasticsearch could allow a remote authenticated attacker to obtain sensitive information, caused by an error in suggester and profile API when Document and Field Level Security are enabled. By sending a specific query, an attacker could exploit this vulnerability to discover the existence of documents, and use this information to launch further attacks against the affected system.
CVSS Base score: 3.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201914 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
Resilient OnPrem | IBM Security SOAR |
Users must upgrade to v42.0 or higher of IBM Resilient in order to obtain a fix for this vulnerability. You can upgrade the platform and apply the security updates by following the instructions in the “Upgrade Procedure” section in the IBM Documentation.
NOTE: IBM Security SOAR is not directly affected by these vulnerabilities. Access to the Elasticsearch is through internal, trusted APIs only.
None