Security Bulletin: Apache Axis as used in IBM QRadar SIEM is vulnerable to a possible man in the middle attack. (CVE-2012-5784)

Summary

IBM QRadar / QRM / QVM / QRIF / QNI includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools.

Vulnerability Details

CVEID: CVE-2012-5784
**Description:**Apache Axis 1.4, as used in multiple products, could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the subject’s Common Name (CN) field of the X.509 certificate. An attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server and launch further attacks against a vulnerable target.
**CVSS Base Score:**4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79829&gt; for the current score
**CVSS Environmental Score:***Undefined
**CVSS Vector:**AV:N/AC:M/Au:N/C:N/I:P/A:N

Affected Products and Versions

• IBM QRadar SIEM 7.2.0 - 7.2.8 Patch 15
• IBM QRadar SIEM 7.3.0 - 7.3.1 Patch 8

Remediation/Fixes

• QRadar / QRM / QVM / QRIF / QNI 7.3.2 GA

Workarounds and Mitigations

For QRadar 7.2.8 Administrators

For users of IBM QRadar SIEM 7.2.8, administrators can mitigate this issue by completing an upgrade to QRadar / QRM / QVM / QRIF / QNI 7.3.2 GA where the vulnerable component has been removed from the product. Apache Axis is used for internal configuration services (IPC), and the deployment editor in 7.2.8. Using the Systems, and License Management icon in the administration panel rather than the Deployment Editor for deployment related changes would help mitigate the risk of CVE-2012-5784. For information on this upgrade path, see the QRadar Upgrade Guide.

For QRadar 7.3.0/7.3.1 Administrators

See the Remediation/Fixes section to get the upgrade to QRadar 7.3.2.