Security Bulletin: IBM Security SOAR is using a version of Elasticsearch that has known vulnerabilities (CVE-2021-22137, CVE-2021-22135)

Summary

IBM Security SOAR is using a version of Elasticsearch that has known vulnerabilities. A recent update has addressed these issues.

Vulnerability Details

CVEID:CVE-2021-22137
**DESCRIPTION:**Elasticsearch could allow a remote authenticated attacker to obtain sensitive information, caused by an error when using Document or Field Level Security. By executing certain cross-cluster search queries, an attacker could exploit this vulnerability to discover the existence of documents, and use this information to launch further attacks against the affected system.
CVSS Base score: 2.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201915 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N)

CVEID:CVE-2021-22135
**DESCRIPTION:**Elasticsearch could allow a remote authenticated attacker to obtain sensitive information, caused by an error in suggester and profile API when Document and Field Level Security are enabled. By sending a specific query, an attacker could exploit this vulnerability to discover the existence of documents, and use this information to launch further attacks against the affected system.
CVSS Base score: 3.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201914 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Remediation/Fixes

Users must upgrade to v42.0 or higher of IBM Resilient in order to obtain a fix for this vulnerability. You can upgrade the platform and apply the security updates by following the instructions in the “Upgrade Procedure” section in the IBM Documentation.

NOTE: IBM Security SOAR is not directly affected by these vulnerabilities. Access to the Elasticsearch is through internal, trusted APIs only.

Workarounds and Mitigations

None