Security Bulletin: IBM QRadar SIEM is vulnerable to OS Command Injection (CVE-2018-1571) (Updated 9/12/2018)

Summary

User-supplied data may be passed to a system shell. Attackers could execute arbitrary commands on the system.

Vulnerability Details

CVEID: CVE-2018-1571
**Description:**IBM QRadar could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
**CVSS Base Score:**8.80
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/143121&gt; for the current score
**CVSS Environmental Score:***Undefined
**CVSS Vector:**CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products and Versions

IBM QRadar SIEM 7.3.0 to 7.3.1 Patch 4

IBM QRadar SIEM 7.2.0 to 7.2.8 Patch 13

Remediation/Fixes

QRadar / QRM / QVM / QRIF / QNI 7.3.1 Patch 5

QRadar / QRM / QVM / QRIF / QNI 7.2.8 Patch 13 Interim Fix 1

NOTE: QRadar administrators who want to install 7.2.8 Patch 13 Interim Fix 1 should be aware that you must first be at QRadar 7.2.8 Patch 13 before you can update to Interim Fix 1. Interim fixes can only be applied to a specific patch level and you might be required to update to a minimum version before you can install an interim fix to your QRadar deployment. For a full list of QRadar software, see: <https://ibm.biz/qradarsoftware&gt;.

Workarounds and Mitigations

None