Security Bulletin: IBM Security QRadar EDR Software has weaker than expected security due to an included component (CVE-2024-39689)

Summary

IBM Security QRadar EDR Software includes a vulnerable component (e.g., framework library) that could be identified and exploited with automated tools. This has been addressed in an update.

Vulnerability Details

CVEID:CVE-2024-39689
**DESCRIPTION:**Certifi python-certifi could provide weaker than expected security, caused by the use of GLOBALTRUST root certificate. An attacker could exploit this vulnerability to launch further attacks on the system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/297375 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

Affected Products and Versions

Remediation/Fixes

IBM encourages customers to update their systems promptly.

The IBM Security QRadar EDR operator can be upgraded automatically when new compatible versions are available. However, you can control whether an operator is upgraded automatically by setting an approval strategy.

Two approval strategies are available:

• Automatic (default) - New operator versions are installed automatically when they are available on the subscription channel.
• Manual - When a new operator version is available on the subscription channel, the subscription indicates that an update is available, but you must approve the update manually.

For more information about the manual installation process, view Installing QRadar EDR.

Workarounds and Mitigations

None