IBMF3F7AB094F1802B560259C8807609215F8218604C9554FA2FEEA270511084698Security Bulletin: IBM SOAR QRadar Plugin App is vulnerable to using components with known vulnerabilities
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
36.3%
Summary
The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. IBM SOAR QRadar Plugin App has addressed the applicable CVEs.
Vulnerability Details
CVEID:CVE-2023-38263
**DESCRIPTION:**IBM SOAR QRadar Plugin App could allow an authenticated user to perform unauthorized actions due to improper access controls.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/260577 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)
CVEID:CVE-2023-38019
**DESCRIPTION:**IBM SOAR QRadar Plugin App could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing “dot dot” sequences (/…/) to view arbitrary files on the system.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/260575 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)
CVEID:CVE-2023-46136
**DESCRIPTION:**Pallets Werkzeug is vulnerable to a denial of service, caused by a flaw when parsing multipart/form-data containing a large part with CR/LF character at the beginning. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/269739 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID:CVE-2023-43804
**DESCRIPTION:**urllib3 could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw with cookie request header not stripped during cross-origin redirects. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268192 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N)
CVEID:CVE-2023-37920
**DESCRIPTION:**An unspecified error with the removal of e-Tugra root certificate in Certifi has an unknown impact and attack vector.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/261639 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVEID:CVE-2023-38020
**DESCRIPTION:**IBM SOAR QRadar Plugin App could allow an authenticated user to manipulate output written to log files.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/260576 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM SOAR QRadar Plugin App | 1.0 - 5.0.3 |
Remediation/Fixes
Follow this link to update to 5.3.1.
Workarounds and Mitigations
None
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm security qradar siem | eq | 5.0.0 |
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
36.3%