Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM QRadar SIEM and QRadar Incident Forensics.
Summary OpenSSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL Project. OpenSSL is used by IBM QRadar SIEM and Incident Forensics. IBM QRadar SIEM and Incident Forensics have addressed the applicable CVEs including the “DROWN: Decrypting RSA with Obsolete and Weakened encryption”...
Security Bulletin: Vulnerability in IBM Java SDK affects IBM QRadar SIEM and Incident Forensics. (CVE-2015-7575)
Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 6 and 7 that is used by IBM QRadar SIEM and Incident Forensics. This vulnerability, commonly referred to as “SLOTH”, was disclosed as part of the IBM Java SDK updates in January 2016. Vulnerability Details CVEID:...
Security Bulletin: GNU C library (glibc) vulnerability affects IBM QRadar SIEM and Incident Forensics (CVE-2015-7547)
Summary A stack-based buffer overflow vulnerability in getaddrinfo in the GNU C library (glibc) affects IBM QRadar SIEM and Incident Forensics. Vulnerability Details CVEID: CVE-2015-7547 DESCRIPTION: GNU C Library glibc is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by...
Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM QRadar SIEM, and QRadar Incident Forensics (CVE-2015-7575)
Summary The MD5 “SLOTH” vulnerability on TLS 1.2 affects IBM QRadar SIEM and QRadar Incident Forensics. Vulnerability Details CVEID: CVE-2015-7575 DESCRIPTION: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a...
Security Bulletin: Vulnerability in Apache Commons could affect IBM QRadar SIEM and IBM QRadar Incident Forensics. (CVE-2015-7450)
Summary An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by IBM QRadar SIEM and IBM QRadar Incident Forensics. Vulnerability Details CVE-ID: CVE-2015-7450 DESCRIPTION: Apache Commons Collections could allow a remote attacker ...
Security Bulletin: IBM QRadar Incident Forensics is vulnerable to a cacheable SSL Page issue. (CVE-2015-1996)
Summary Cacheable SSL pages exist in QRadar Incident Forensics. Vulnerability Details CVE-ID: CVE-2015-1996 Description: IBM QRadar Incident Forensics could allow a local user to obtain sensitive information due to cacheable SSL pages that have been stored locally. CVSS Base Score: 2.1 CVSS Tempor...
Security Bulletin: IBM QRadar Incident Forensics is vulnerable to SQL Injection. (CVE-2015-1989)
Summary IBM QRadar Incident Forensics is susceptible to a specially-crafted SQL statement attack. Vulnerability Details CVE-ID: CVE-2015-1989 Description: IBM QRadar Incident Forensics is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow...
Security Bulletin: IBM QRadar Incident Forensics is vulnerable to a cross site scripting attack. (CVE-2015-1995)
Summary Several locations in QRadar Incident Forensics could allow attackers to insert JavaScript, thus modifying the UI functionality. Vulnerability Details CVE-ID: CVE-2015-1995 Description: IBM QRadar Incident Forensics is vulnerable to cross-site scripting, caused by improper validation of...
Security Bulletin: IBM QRadar Incident Forensics is vulnerable to a man in the middle attack. (CVE-2015-1993)
Summary Several cookies in QRadar Incident Forensics are missing the secure attribute. This allows attackers in a man-in-the-middle position to steal the cookie value by tricking the victim into navigating to the site over an unencrypted connection. Vulnerability Details CVE-ID: CVE-2015-1993...
Security Bulletin: IBM QRadar Incident Forensics is vulnerable to session hijacking. (CVE-2015-1994)
Summary The IBM QRadar Incident Forensics authorization cookie is missing the httponly attribute. Vulnerability Details CVE-ID: CVE-2015-1994 Description: IBM QRadar Incident Forensics could allow a remote attacker to obtain sensitive information, caused by the failure to set the httponly attribute f...
Security Bulletin: IBM QRadar Incident Forensics is vulnerable to a man in the middle attack. (CVE-2015-1999)
Summary Sensitive parameters were passed in the request query to QRadar Incident Forensics. Vulnerability Details CVE-ID: CVE-2015-1999 Description: IBM QRadar could allow an attacker to obtain sensitive information such as sessionIDs through a query of an SSL request...
Security Bulletin: Vulnerabilities in OpenSSL including Logjam affect IBM QRadar SIEM, and QRadar Incident Forensics. (CVE-2015-4000, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792)
Summary OpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. This includes the Logjam attack on TLS connections using the Diffie-Hellman (DH) key exchange protocol (CVE-2015-4000). OpenSSL is used by IBM QRadar SIEM, and QRadar Incident Forensics. IBM QRadar SIEM, and Incident...
Security Bulletin: IBM QRadar Incident Forensics 7.2.4 is vulnerable to a cross site scripting vulnerability. (CVE-2015-1919)
Summary A cross site scripting vulnerability was found to affect IBM QRadar Incident Forensics. Vulnerability Details CVEID: CVE-2015-1919 DESCRIPTION: IBM QRadar Incident Forensics is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker coul...
Security Bulletin: Vulnerability in SSLv3 affects IBM QRadar Incident Forensics. (CVE-2014-3566)
Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled in IBM QRadar Incident Forensics. Vulnerability Details CVE-ID: CVE-2014-3566 DESCRIPTION: Product could allow a remote attacker to obtain sensiti...
Apple Removes iPhone USB Access Feature, Blocking Out Hackers, Law Enforcement
Apple said an upcoming iOS software update will remove the infamous iPhone USB access feature, blocking out both hackers – and law enforcement – from accessing a locked phone’s data via the device port. Apple confirmed that new upcoming default settings will disable the iPhone’s Lightning port, i...
DARKSURGEON - A Windows Packer Project To Empower Incident Response, Digital Forensics, Malware Analysis, And Network Defense
DARKSURGEON is a Windows packer project to empower incident response, digital forensics, malware analysis, and network defense. DARKSURGEON has three stated goals: Accelerate incident response, digital forensics, malware analysis, and network defense with a preconfigured Windows 10 environment...
SQL injection
RSA Web Threat Detection versions prior to 6.4 contain an SQL injection vulnerability in the Administration and Forensics applications. An authenticated malicious user with low privileges could potentially exploit this vulnerability to execute SQL commands on the back-end database to gain...
CVE-2018-1252 RSA Web Threat Detection SQL Injection Vulnerability
RSA Web Threat Detection versions prior to 6.4 contain an SQL injection vulnerability in the Administration and Forensics applications. An authenticated malicious user with low privileges could potentially exploit this vulnerability to execute SQL commands on the back-end database to gain...
CVE-2018-1252
CVE-2018-1252 affects RSA Web Threat Detection versions prior to 6.4, where an SQL injection vulnerability exists in the Administration and Forensics applications. An authenticated attacker with low privileges could supply specially crafted input to exploit this flaw and execute SQL commands on t...
RSA Web Threat Detection SQL Injection Vulnerability
EMC RSA Web Threat Detection is a big data and security analytics solution from EMC. The solution detects cybercrime using Web session intelligence and real-time behavioral analysis. An SQL injection vulnerability exists in the Administration and Forensics applications in EMC RSA Web Threat...