Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMA9E95ACFA12F14901F06AEB72CE135C981AC1F52E5EEB65793FACC0F0CBD2136
HistoryNov 09, 2022 - 6:42 p.m.

Security Bulletin: IBM QRadar Network Packet Capture includes components with multiple known vulnerabilities.

2022-11-0918:42:35
www.ibm.com
14

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

76.9%

JSON

Summary

The product includes multiple vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. IBM has addressed the relevant CVEs.

Vulnerability Details

CVEID:CVE-2022-29154
**DESCRIPTION:**Rsync could allow a remote attacker to bypass security restrictions, caused by improper validation of file names. By utilize man-in-the-middle attack techniques, an attacker could exploit this vulnerability to write arbitrary files inside the directories of connecting peers.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/232637 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

CVEID:CVE-2022-38177
**DESCRIPTION:**ISC BIND is vulnerable to a denial of service, caused by a small memory leak in the DNSSEC verification code for the ECDSA algorithm. By spoofing the target resolver with responses that have a malformed ECDSA signature, a remote attacker could exploit this vulnerability to cause named to crash.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/236705 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-40674
**DESCRIPTION:**libexpat could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in the doContent function in xmlparse.c. An attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/236116 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2022-2526
**DESCRIPTION:**systemd could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw due to the on_stream_io() function and dns_stream_complete() function in “resolved-dns-stream.c” not incrementing the reference counting for the DnsStream object. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/235161 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM QRadar Network Packet Capture 7.4.0 - 7.4.3 Fix Pack 5
IBM QRadar Network Packet Capture 7.5.0 - 7.5.0 Update Package 2

Remediation/Fixes

​IBM encourages customers to update their systems promptly.

Product Version Fix
IBM QRadar Network Packet Capture 7.4. IBM QRadar Network Packet Capture 7.4.3 Fix Pack 6
IBM QRadar Network Packet Capture 7.5 IBM QRadar Network Packet Capture 7.5.0 Update Package 3

Workarounds and Mitigations

None

Related

photon 2
ibm 8
nessus 70
redhat 26
cbl_mariner 5
openvas 21
cloudfoundry 1
osv 14
prion 4
alpinelinux 2
ubuntucve 2
redhatcve 3
f5 2
veracode 3
debiancve 2
cve 3
almalinux 6
oraclelinux 8
mageia 3
amazon 2
suse 2
broadcom 1
ubuntu 1
freebsd 2
fedora 1
rosalinux 1
cloudlinux 1
rocky 2
slackware 1
photon
photon
Critical Photon OS Security Update - PHSA-2022-3.0-0456
2022-09-21 00:00:00
Critical Photon OS Security Update - PHSA-2022-0249
2022-09-21 00:00:00
ibm
ibm
Security Bulletin: Multiple Security vulnerabilities fixed and shipped with IBM Security Verify Bridge (Docker version) (CVE-2022-2175, CVE-2022-2526, CVE-2022-40674, CVE-2022-3515)
2023-03-07 19:58:35
Security Bulletin: Vulnerability in bind affects IBM Integrated Analytics System [CVE-2022-38177]
2023-01-03 10:16:51
Security Bulletin: IBM Tivoli Monitoring is vulnerable to remote code execution [CVE-2022-40674]
2022-12-30 17:31:59
nessus
nessus
RHEL 8 : Red Hat Virtualization Host security update [ovirt-4.5.3-1] (Important) (RHSA-2022:8598)
2022-11-23 00:00:00
AlmaLinux 8 : systemd (ALSA-2022:6206)
2022-09-07 00:00:00
RHEL 8 : systemd (RHSA-2022:6206)
2022-08-30 00:00:00
redhat
redhat
(RHSA-2022:8598) Important: Red Hat Virtualization Host security update [ovirt-4.5.3-1]
2022-11-22 14:36:26
(RHSA-2022:6287) Moderate: OpenShift Container Platform 4.11.3 packages and security update
2022-09-07 20:37:32
(RHSA-2022:6317) Important: OpenShift Container Platform 4.9.48 bug fix and security update
2022-09-12 12:16:44
cbl_mariner
cbl_mariner
CVE-2022-38177 affecting package bind 9.16.29-2
2022-12-09 00:19:53
CVE-2022-38177 affecting package bind 9.16.27-1
2022-11-24 00:45:37
CVE-2022-40674 affecting package expat 2.4.8-1
2022-09-23 18:23:13
openvas
openvas
ISC BIND DoS Vulnerability (CVE-2022-38177) - Linux
2022-09-23 00:00:00
Ubuntu: Security Advisory (USN-5583-1)
2022-08-31 00:00:00
ISC BIND DoS Vulnerability (CVE-2022-38177) - Windows
2022-09-23 00:00:00
cloudfoundry
cloudfoundry
USN-5583-1: systemd vulnerability | Cloud Foundry
2022-09-29 00:00:00
osv
osv
Important: systemd security update
2022-08-29 00:00:00
CVE-2022-38177
2022-09-21 11:15:09
expat vulnerability
2022-09-26 14:19:17
prion
prion
Memory corruption
2022-09-21 11:15:00
Input validation
2022-08-02 15:15:00
Design/Logic Flaw
2022-09-09 15:15:00
alpinelinux
alpinelinux
CVE-2022-38177
2022-09-21 11:15:00
CVE-2022-40674
2022-09-14 11:15:00
ubuntucve
ubuntucve
CVE-2022-38177
2022-09-21 00:00:00
CVE-2022-2526
2022-08-24 00:00:00
redhatcve
redhatcve
CVE-2022-38177
2022-09-21 13:19:11
CVE-2022-40674
2022-09-29 05:18:54
CVE-2022-29154
2022-08-02 13:40:01
f5
f5
K27155546 : BIND vulnerability CVE-2022-38177
2022-10-19 00:00:00
K44454157 : Expat vulnerability CVE-2022-40674
2022-10-31 00:00:00
veracode
veracode
Denial Of Service (DoS)
2022-09-23 08:48:43
Directory Traversal
2022-08-09 00:45:20
Use-After-Free
2022-09-15 08:37:15
debiancve
debiancve
CVE-2022-38177
2022-09-21 11:15:00
CVE-2022-40674
2022-09-14 11:15:00
cve
cve
CVE-2022-38177
2022-09-21 11:15:00
CVE-2022-40674
2022-09-14 11:15:00
CVE-2022-2526
2022-09-09 15:15:00
almalinux
almalinux
Important: expat security update
2022-10-06 00:00:00
Important: systemd security update
2022-08-29 00:00:00
Important: firefox security update
2022-10-18 00:00:00
oraclelinux
oraclelinux
expat security update
2022-10-29 00:00:00
systemd security update
2022-08-29 00:00:00
systemd security update
2022-08-25 00:00:00
mageia
mageia
Updated expat packages fix security vulnerability
2022-10-01 20:48:24
Updated thunderbird packages fix security vulnerability
2022-10-28 09:54:08
Updated firefox packages fix security vulnerability
2022-10-28 09:54:08
amazon
amazon
Important: expat
2022-10-31 19:40:00
Important: rsync
2022-10-31 19:40:00
suse
suse
Security update for rsync (important)
2022-09-01 00:00:00
Security update for expat (important)
2022-10-17 00:00:00
broadcom
broadcom
An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers.
2023-08-01 00:00:00
ubuntu
ubuntu
systemd vulnerability
2022-08-29 00:00:00
freebsd
freebsd
rsync -- client-side arbitrary file write vulnerability
2022-08-02 00:00:00
expat -- Heap use-after-free vulnerability
2022-09-14 00:00:00
fedora
fedora
[SECURITY] Fedora 36 Update: expat-2.4.9-1.fc36
2022-10-07 15:56:55
rosalinux
rosalinux
Advisory ROSA-SA-2023-2168
2023-06-20 09:22:31
cloudlinux
cloudlinux
Fixed CVE-2022-40674 in expat
2022-09-26 11:53:23
rocky
rocky
firefox security update
2022-10-18 17:41:04
expat security update
2022-10-11 12:38:26
slackware
slackware
[slackware-security] expat
2022-09-20 22:58:31

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

76.9%

JSON
Related for A9E95ACFA12F14901F06AEB72CE135C981AC1F52E5EEB65793FACC0F0CBD2136
photon2ibm8nessus70redhat26cbl_mariner5openvas21cloudfoundry1osv14prion4alpinelinux2ubuntucve2redhatcve3f52veracode3debiancve2cve3almalinux6oraclelinux8mageia3amazon2suse2broadcom1ubuntu1freebsd2fedora1rosalinux1cloudlinux1rocky2slackware1