Lucene search

IBMF5CBD2F303434AAD702289426B03DB316B2B849BAC53D85B68671B512B0F6327

HistoryMay 07, 2024 - 8:03 p.m.

Security Bulletin: The Log Source Management App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities (CVE-2024-28849, CVE-2024-29041, CVE-2024-29180)

2024-05-0720:03:13

www.ibm.com

ibm qradar siem

log source management app

vulnerability

cve

node.js

express.js

webpack

update

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.4%

JSON

Summary

The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. Log Source Management App for IBM QRadar SIEM has addressed the applicable CVEs in an update.

Vulnerability Details

CVEID:CVE-2024-28849
**DESCRIPTION:**Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information, caused by the leakage of credentials when clearing authorization header during cross-domain redirect, but keeping the proxy-authentication header. An attacker could exploit this vulnerability to obtain credentials and other sensitive information.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/285690 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

CVEID:CVE-2024-29041
**DESCRIPTION:**Express.js Express could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using a specially crafted URL to redirect a victim to arbitrary Web sites.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/286404 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID:CVE-2024-29180
**DESCRIPTION:**webpack webpack-dev-middleware could allow a remote attacker to traverse directories on the system, caused by improper validation of user request. An attacker could send a specially crafted URL request containing “dot dot” sequences (/…/) to view arbitrary files on the system.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/286153 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
QRadar Log Source Management App	1.0.0 - 7.0.8

Remediation/Fixes

IBM encourages customers to update their systems promptly.

Update to 7.0.9.

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmqradar_network_securityMatch7.0.9

CPENameOperatorVersion
ibm security qradar siemeq7.0.9

CPE	Name	Operator	Version
	ibm security qradar siem	eq	7.0.9

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.4%

JSON

Related for F5CBD2F303434AAD702289426B03DB316B2B849BAC53D85B68671B512B0F6327