Security Bulletin: IBM Security SOAR is using a version of Elasticsearch that has known vulnerabilities (CVE-2021-22137, CVE-2021-22135)

Summary IBM Security SOAR is using a version of Elasticsearch that has known vulnerabilities. A recent update has addressed these issues. Vulnerability Details CVEID: CVE-2021-22137 DESCRIPTION: Elasticsearch could allow a remote authenticated attacker to obtain sensitive information, caused by a...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Security SOAR (CVE-2021-2341, CVE-2021-2369)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 and IBM® Runtime Environment Java™ Version 8 used by IBM Security SOAR. IBM has addressed the applicable CVEs CVE-2021-2341, CVE-2021-2369. Vulnerability Details CVEID: CVE-2021-2369 DESCRIPTION: An...

CVE-2021-29780

IBM Resilient OnPrem v41.1 of IBM Security SOAR could allow an authenticated user to perform actions that they should not have access to due to improper input validation. IBM X-Force ID: 203085...

CVE-2021-29780

IBM Resilient OnPrem v41.1 of IBM Security SOAR could allow an authenticated user to perform actions that they should not have access to due to improper input validation. IBM X-Force ID: 203085...

Input validation

IBM Resilient OnPrem v41.1 of IBM Security SOAR could allow an authenticated user to perform actions that they should not have access to due to improper input validation. IBM X-Force ID: 203085...

Security Bulletin: IBM Security SOAR is using a component with known vulnerabilities - Eclipse Jetty ( CVE-2021-28163, CVE-2021-28165, CVE-2020-27223)

Summary IBM Security SOAR includes an older version of Eclipse Jetty that may be identified and exploited. Vulnerability Details CVEID: CVE-2021-28163 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw when the $jetty.base...

Security Bulletin: Resilient supports TLS1.2 ciphers that are not enabled for Perfect Forward Secrecy (PFS) (CVE-2021-20566)

Summary Resilient supports TLS1.2 ciphers that are not enabled for Perfect Forward Secrecy PFS. Such ciphers could allow an attacker who has recorded encrypted traffic and later obtains the server's key to decrypt highly sensitive information. Vulnerability Details CVEID: CVE-2021-20566...

Security Bulletin: Resilient App Host secrets are not encrypted (CVE-2021-20567)

Summary Resilient App Host is a Kubernetes-based container deployment environment that hosts Resilient app containers. By default, the secrets are not encrypted, and can be viewed in the clear by the "root" user. Vulnerability Details CVEID: CVE-2021-20567 DESCRIPTION: IBM Resilient OnPrem could...

Security Bulletin: Resilient OnPrem versions 30.x are affected by vulnerabilities in dependent libraries

Summary Security Bulletin: Resilient OnPrem versions 30.x are affected by vulnerabilities in dependent libraries Vulnerability Details Summary Resilient OnPrem v31.0 has addressed vulnerabilities in a number of dependent libraries. Vulnerability Details CVEID: CVE-2017-9735 DESCRIPTION: Jetty cou...

Security Bulletin: Resilient OnPrem is affected by the use of hard-code credentials in its internal email server

Summary Security Bulletin: Resilient OnPrem is affected by the use of hard-code credentials in its internal email server Vulnerability Details Summary Resilient OnPrem has removed the use of hard-coded credentials. Vulnerability Details CVEID: CVE-2019-4534 DESCRIPTION: IBM Resilient OnPrem...

Security Bulletin: IBM Resilient SOAR is using opensaml-2.6.4.jar that could be vulnerable to bypass security restrictions (CVE-2015-1796)

Summary opensaml-2.6.4.jar vulnerable to CVE-2015-1796, Shibboleth Identity Provider could allow a remote attacker to bypass security restrictions, caused by an error in the PKIX trust component. An attacker could exploit this vulnerability using a certificate issued by the shibmd:KeyAuthority...

CVE-2020-4636

IBM Resilient OnPrem 38.2 could allow a privileged user to inject malicious commands through Python3 scripting. IBM X-Force ID: 185503...

CVE-2020-4636

IBM Resilient OnPrem 38.2 could allow a privileged user to inject malicious commands through Python3 scripting. IBM X-Force ID: 185503...

Design/Logic Flaw

IBM Resilient OnPrem 38.2 could allow a privileged user to inject malicious commands through Python3 scripting. IBM X-Force ID: 185503...

Security Bulletin: IBM Resilient SOAR could allow a privileged user to inject malicious commands through Python3 scripting (CVE-2020-4636).

Summary It was possible for a privileged user to inject malicious commands through Python3 scripting, using the sys module, in a Beta version of Resilient. Vulnerability Details CVEID: CVE-2020-4636 DESCRIPTION: IBM Resilient could allow a privileged user to inject malicious commands through...

Security Bulletin: IBM Resilient SOAR is Using Components with Known Vulnerabilities - Plexus-utils (CVE-2017-1000487)

Summary Plexus-utils could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input. By sending contents with double quoted strings, an attacker could exploit this vulnerability to execute arbitrary commands on the system...

Security Bulletin: IBM Resilient SOAR is Using Components with Known Vulnerabilities - Apache Tomcat 7.099 (CVE-2020-13935)

Summary Apache Tomcat 7.099 is vulnerable to a denial of service, caused by improper validation of the payload length in a WebSocket frame. By sending multiple requests with invalid payload lengths, a remote attacker could exploit this vulnerability to cause the application to enter into an...