Security Bulletin: IBM QRadar SIEM can be affected by several vulnerabilities in the IBM Java Runtime Environment (CVE-2014-0453, CVE-2014-4263, CVE-2014-4244)

2022-02-2317:02:11

www.ibm.com

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

0.009 Low

EPSS

Percentile

82.0%

JSON

Summary

Previous releases of IBM QRadar Security Information and Event Manager, IBM QRadar Vulnerability Manager and IBM QRadar Risk Manager are affected by multiple vulnerabilities reported in the IBM SDK Java Technology Edition Version 6 and 7.

Vulnerability Details

CVEID: CVE-2014-0453

DESCRIPTION: An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact.

CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/92490 for the current score
CVSS Environmental Score:*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)

CVEID: CVE-2014-4263

DESCRIPTION: An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact.

CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/94606 for the current score
CVSS Environmental Score:*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)

CVEID: CVE-2014-4244

DESCRIPTION: An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact.

CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/94605 for the current score
CVSS Environmental Score:*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)

Affected Products and Versions

IBM QRadar SIEM 7.2.3 Patch 4 and below.
IBM QRadar SIEM 7.1 MR2 Patch 8 and below.
IBM QRadar Vulnerability Manager 7.2.3 Patch 4 and below.
IBM QRadar Risk Manager 7.2.3 Patch 4 and below.
IBM QRadar Risk Manager 7.1 MR2 Patch 8 and below.

Remediation/Fixes

The recommended solution is to apply the fix for each named product as soon as practical. Please see below for information about the fixes available.

Product	Remediation/First Fix

IBM QRadar SIEM 7.2.3
IBM QRadar Vulnerability Manager 7.2.3
IBM QRadar Risk Manager 7.2.3
| IBM QRadar SIEM 7.2.4 Patch 1
IBM QRadar SIEM 7.1 MR2
IBM QRadar Risk Manager 7.1 MR2
| IBM QRadar SIEM 7.1 MR2 Patch 9

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm security qradar siemeq7.1
ibm security qradar siemeq7.2
ibm security qradar risk managereq7.1
ibm security qradar risk managereq7.2
ibm security qradar vulnerability managereq7.2

Name	Operator	Version
ibm security qradar siem	eq	7.1
ibm security qradar siem	eq	7.2
ibm security qradar risk manager	eq	7.1
ibm security qradar risk manager	eq	7.2
ibm security qradar vulnerability manager	eq	7.2