Security Bulletin: SQL Injection and Incorrect Handling of SSH Connection vulnerability in QRadar (CVE-2014-4824, CVE-2014-4826)

Summary

IBM QRadar 7.2 MR2 contains SQL Injection and Incorrect Handling of SSH Connection vulnerabilities .

Vulnerability Details

CVE ID:CVE-2014-4824

**DESCRIPTION:**IBM QRadar is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.

The attack requires authentication, but not local network access or specialized knowledge and techniques. An exploit could affect the integrity of data, confidentiality of information, and the availability of the system.

CVSS:
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/95574 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVE ID:CVE-2014-4826

**DESCRIPTION:**IBM QRadar is vulnerable due to incorrect handling of SSH connections. A remote attacker could exploit this vulnerability by capturing network traffic to obtain plain-text credentials and other sensitive information.

The attack does not require local network access or authentication, but some specialized knowledge and techniques are required. An exploit would not affect the integrity of data or availability of the system, but it could impact the confidentiality of information.

CVSS:
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/95576 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

Affected Products and Versions

IBM QRadar 7.2 MR2

Remediation/Fixes

• IBM QRadar 7.2 MR3 - QRadar 7.2.3 Patch 1

NOTE: For the SSH connection vulnerability, view the IBM QRadar Admin Guide for 7.2 MR3 in the Create Scan Profiles for help on how to configure SSH keys for scanner profiles.

Workarounds and Mitigations

None