Security Bulletin: IBM QRadar Assistant App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. The update addresses these issues. Vulnerability Details CVEID:CVE-2019-19012 DESCRIPTION: Oniguruma is vulnerable to a denial of service, caused by an integer...

Security Bulletin: IBM QRadar Assistant App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities (CVE-2024-39338, CVE-2024-4068, CVE-2021-23727)

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. The update addresses these issues. Vulnerability Details CVEID:CVE-2024-39338 DESCRIPTION: Axios is vulnerable to server-side request forgery, caused by a flaw...

Security Bulletin: IBM QRadar Assistant App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar Assistant App for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-38900 DESCRIPTION: decode-uri-component is...

Vulnerabilities fixed in IBM QRadar SIEM

IBM fixed vulnerabilities in subcomponents of QRadar SIEM: Data Synchronization App, Use Case Manager app, QRadar Assistant app, Data Synchronization app and Wincollect agent. A malicious party can exploit the vulnerabilities to cause a denial-of-service, to gain access to sensitive data, or to...

Vulnerabilities fixed in IBM QRadar SIEM

IBM has fixed vulnerabilities in QRadar SIEM and in the QRadar Assistant App. A malicious party could potentially exploit them for attacks that could result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to sensitive data...

Security Bulletin: IBM QRadar Assistant app for IBM QRadar SIEM includes components with multiple known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM has released a new version which addresses the vulnerabilities. Vulnerability Details CVEID:CVE-2021-42581 DESCRIPTION: Ramda could allow a remote attacker t...