High Severity

IBM Security Bulletin: IBM QRadar SIEM is vulnerable to 3RD PARTY CPU hardware utilizing speculative execution cache timing side-channel analysis known as Variant 4 or SpectreNG (CVE-2018-3639, CVE-2018-3640)

Share this post:

Speculative execution is a technique used by many modern processors to improve performance by predicting which instructions may be executed based on past execution history. An attacker with local user access may be able to utilize sequences of speculative execution to perform a cache timing side-channel analysis.

CVE(s): CVE-2018-3639, CVE-2018-3640

Affected product(s) and affected version(s):

  • IBM QRadar SIEM 7.2.0 to 7.2.8 Patch 14
  • IBM QRadar SIEM 7.3.0 to 7.3.1 Patch 6

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10796076&myns=swgother&mynp=OCSSBQAC&mync=E&cm_sp=swgother-_-OCSSBQAC-_-E

More stories

Security Bulletin: Multiple vulnerabilities in OpenSSL affects IBM InfoSphere Information Server

Jul 28, 2021 4:00 pm EDT | High Severity

Multiple vulnerabilities in OpenSSL used by IBM InfoSphere Information Server were addressed. ...read more

Security Bulletin: glibc vulnerability affects IBM Elastic Storage System (CVE-2021-27219)

Jul 28, 2021 3:57 pm EDT | High Severity

IBM Elastic Storage System is shipped with GNU glibc, for which a fix is available for a security vulnerability. ...read more

Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty affects IBM Elastic Storage System (CVE-2020-5258)

Jul 28, 2021 3:54 pm EDT | High Severity

There is a vulnerability in IBM WebSphere Application Server Liberty, used by IBM Elastic Storage System 3000, which could allow a remote attacker to inject arbitrary code in the system. ...read more