CVSS3 Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
AI Score Confidence | High |
EPSS Percentile | 39.1% |
IBM QRadar SIEM on Azure Cloud deployed from Azure Marketplace is vulnerable to a remote code execution issue found within the Microsoft Open Management Infrastructure (OMI). The information below shows how to remove this vulnerable component.
CVEID: CVE-2024-21334
**DESCRIPTION:** Microsoft Open Management Infrastructure could allow a remote attacker to execute arbitrary code on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/284519 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM QRadar SIEM (On Azure Marketplace) | 7.3.3 - 7.5.0 |
Users who installed QRadar from the Azure Marketplace prior to 7.5.0 may find vulnerable versions of OMI on their QRadar deployment. This package can be safely removed to remediate the vulnerability.
Removing the OMI package will remove its dependencies – omsagent, omsconfig, and scx. It is safe to uninstall these dependencies.
To confirm whether your install is affected, run the following command:

```
rpm -qa | grep -i omi
```

If this command returns the OMI package (for example, omi-1.6.3-0.x86-64), you can remove it, along with the dependencies omsagent, omsconfig, and scx, with the following command:

```
yum remove omi
```

You can verify that the package is removed by running the following command and confirming that the OMI package is no longer found:

```
rpm -qa | grep -i omi
```
No service restart or deploy is required because OMI packages are independent of QRadar.
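The check-and-verify steps above can be scripted for several hosts. The following is an added example, not part of the IBM bulletin or IBM's tooling; the function names and the sample package lists are constructed for illustration, and only the package names and the omi-1.6.3-0 version come from the bulletin.

```sh
#!/bin/sh
# Added example (not IBM's tooling): audit a package list for OMI and the
# dependents named in the bulletin (omsagent, omsconfig, scx).

# Read `rpm -qa` style lines on stdin and keep only the named packages.
# Anchoring on "<name>-<digit>" avoids the substring hits that
# `grep -i omi` produces for unrelated packages such as libatomic.
omi_related() {
    grep -Ei '^(omi|omsagent|omsconfig|scx)-[0-9]' || true
}

# Return 1 and list each finding if any named package is present, else 0.
audit_pkglist() {
    found=$(omi_related)
    if [ -n "$found" ]; then
        printf '%s\n' "$found" | sed 's/^/FOUND /'
        return 1
    fi
    echo "CLEAN: omi, omsagent, omsconfig and scx are not installed"
}

# Constructed package lists (not from a real host). Only omi-1.6.3-0 is the
# bulletin's example version; the other versions are placeholders.
sample_before() {
    cat <<'EOF'
libatomic-0.0.0-0.x86_64
omi-1.6.3-0.x86_64
omsagent-0.0.0-0.x86_64
omsconfig-0.0.0-0.x86_64
scx-0.0.0-0.x86_64
EOF
}
sample_after() {
    cat <<'EOF'
libatomic-0.0.0-0.x86_64
EOF
}

# On a live host the equivalent call is: rpm -qa | audit_pkglist
echo "before removal:"; sample_before | audit_pkglist || true
echo "after removal:";  sample_after  | audit_pkglist
```

A non-zero exit status from `audit_pkglist` marks a host that still carries one of the packages and needs the `yum remove omi` step.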
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | qradar_network_security | 7.3.3 | cpe:2.3:a:ibm:qradar_network_security:7.3.3:*:*:*:*:*:*:* |
ibm | qradar_network_security | 7.5.0 | cpe:2.3:a:ibm:qradar_network_security:7.5.0:*:*:*:*:*:*:* |