7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.008 Low
EPSS
Percentile
81.0%
IBM QRadar Network Security has addressed vulnerability in BusyBox. The issue could lead to denial of service.
CVEID:CVE-2021-28831
**DESCRIPTION:**BusyBox is vulnerable to a denial of service, caused by the mishandling of the error bit on the huft_build result pointer in decompress_gunzip.c. By persuading a victim to open a specially-crafted gzip data, a remote attacker could exploit this vulnerability to cause an invalid free or segmentation fault, and results in a denial of service condition.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/198461 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
IBM QRadar Network Security 5.4.0
IBM QRadar Network Security 5.5.0
IBM encourages customers to update their systems promptly.
Product
|
VRMF
|
Remediation/First Fix
—|—|—
IBM QRadar Network Security
|
5.4.0
|
Install Firmware 5.4.0.16 from the Available Updates page of the Local Management Interface, or by performing a One Time Scheduled Installation from SiteProtector.
Or
Download Firmware 5.4.0.16 from IBM Security License Key and Download Center and upload and install via the Available Updates page of the Local Management Interface.
IBM QRadar Network Security
|
5.5.0
|
Install Firmware 5.5.0.11 from the Available Updates page of the Local Management Interface, or by performing a One Time Scheduled Installation from SiteProtector.
Or
Download Firmware 5.5.0.11 from IBM Security License Key and Download Center and upload and install via the Available Updates page of the Local Management Interface.
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm qradar network security | eq | 5.4.0 | |
ibm qradar network security | eq | 5.5.0 |
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.008 Low
EPSS
Percentile
81.0%