IBM9C7DDDAC04B16FB66759848869C9BB73ECA2D177083A530A6506CD6C2AD4EEE7Security Bulletin: Multiple vulnerabilities in PHP as used by IBM QRadar Incident Forensics 7.2 MR2. (CVE-2014-3515, CVE-2014-4049, CVE-2014-3981, CVE-2014-0238, CVE-2014-0237, CVE-2014-4721)
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
Summary
The PHP language version used by IBM QRadar Incident Forensics 7.2 MR2 contains multiple vulnerabilities.
Vulnerability Details
CVE ID:CVE-2014-3515
DESCRIPTION:
PHP could allow a remote attacker to execute arbitrary code on the system, caused by a type confusion when performing an unserialized call to certain objects. An attacker could exploit this vulnerability to execute arbitrary code on the system.
The attack does not require local network access, authentication, or specialized knowledge and techniques. An exploit could affect the confidentiality of information, the integrity of data and the availability of the system.
CVSS:
CVSS Base Score: 7.5
CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/94107 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-ID:CVE-2014-4049
DESCRIPTION:
PHP is vulnerable to a heap-based buffer overflow, caused by improper bounds checking when parsing DNS TXT records. By sending an overly long string, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash**.**
The attack does not require local network access, authentication, or specialized knowledge and techniques. An exploit could affect the confidentiality of information, the integrity of data and the availability of the system.
CVSS:
CVSS Base Score: 7.5
CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/93769 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-ID: CVE-2014-3981
DESCRIPTION:
PHP could allow a local attacker to launch a symlink attack. Acinclude.m4, as used in the configure script creates temporary files insecurely. A local attacker could exploit this vulnerability by creating a symbolic link to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges.
The attack does not require authentication, but local network access and a moderate degree of specialized knowledge and techniques are required. An exploit would not affect the confidentiality of information, but it could impact the integrity of data and the availability of the system.
CVSS:
CVSS Base Score: 3.3
CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/93652 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:M/Au:N/C:N/I:P/A:P)
CVE-ID: CVE-2014-0238
DESCRIPTION:
PHP is vulnerable to a denial of service, caused by an error in the cdf_read_property_info function. An attacker could exploit this vulnerability to cause the application to enter into an infinite loop.
The attack does not require local network access, authentication, or specialized knowledge and techniques. An exploit would not affect the integrity of data or confidentiality of information, but it could impact the availability of the system.
CVSS:
CVSS Base Score: 5.0
CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/93755 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVE-ID: CVE-2014-0237
DESCRIPTION:
PHP is vulnerable to a denial of service, caused by an error in the cdf_unpack_summary_info function. An attacker could exploit this vulnerability to cause a performance degradation.
The attack does not require local network access, authentication, or specialized knowledge and techniques. An exploit would not affect the integrity of data or confidentiality of information, but it could impact the availability of the system.
CVSS:
CVSS Base Score: 5.0
CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/93757 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVE-ID: CVE-2014-4721
DESCRIPTION:
PHP could allow a remote attacker to obtain sensitive information, caused by an error in the /ext/standard/info.c file when handling multiple variables. An attacker could exploit this vulnerability to obtain the SSL RSA key and other sensitive information.
The attack does not require local network access, authentication, or specialized knowledge and techniques. . An exploit would not affect the integrity of data or availability of the system, but it could impact the confidentiality of information.
CVSS:
CVSS Base Score: 5.0
CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/94287 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Affected Products and Versions
IBM QRadar Incident Forensics 7.2 MR2
Remediation/Fixes
The recommended solution is to apply the fix for each named product as soon as practical. Please see below for information about the fixes available.
For QRadar Incident Forensics 7.2 MR2
- Upgrade to IBM QRadar Incident Forensics 7.2 MR3
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm security qradar incident forensics | eq | 7.2.2 |
Related
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P