5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.042 Low
EPSS
Percentile
92.0%
Previous releases of IBM QRadar Security Information and Event Manager and IBM Security QRadar Risk Manager are affected by a vulnerability reported in 3rd party code. This is in regards to a denial of service vulnerability.
CVE ID: CVE-2012-5081
DESCRIPTION:
A vulnerability in the JDK’s TLS implementation can impact the availability of the Jazz server bundled with QRadar SIEM and QRadar Risk Manager preventing users from logging in. The attacker can conduct the attack over the internet. No authentication is required for this attack. No specialized knowledge of QRadar SIEM or QRadar Risk Manager is necessary to conduct this attack.
CVSS:
_CVSS Base Score: 5
CVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/79435>__ for the current score
CVSS Environmental Score*: Undefined
CVSS String: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Running on Linux - RedHat 6:
IBM Security QRadar SIEM and IBM Security QRadar Risk Manager version 7.1 and 7.1 MR1
The recommended solution is to apply the fix for each named product as soon as practical. Please see below for information about the fixes available.** **
Vendor Fix(es):
_For _QRadar SIEM and QRadar Risk Manager v. 7.1 and 7.1 MR1
· _Upgrade to _QRadar SIEM _and QRadar Risk Manager 7.1 MR2
_
If you are unable to upgrade, contact IBM Technical Support.
Not applicable; upgrade to QRadar SIEM or QRadar Risk Manager 7.1 MR2
CPE | Name | Operator | Version |
---|---|---|---|
ibm security qradar siem | eq | 7.1 | |
ibm security qradar risk manager | eq | 7.1 |