High Severity

IBM Security Bulletin: IBM QRadar SIEM is vulnerable to XML External Entity Injection (CVE-2018-1730)

Share this post:

The product does not disable external XML Entity Processsing which can lead to information disclosure and denial of service attacks.

CVE(s): CVE-2018-1730

Affected product(s) and affected version(s):

IBM QRadar SIEM 7.2.0 to 7.2.8 Patch 13

IBM QRadar SIEM 7.3.0 to 7.3.1 Patch 6

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10742741&myns=swgother&mynp=OCSSBQAC&mync=E&cm_sp=swgother-_-OCSSBQAC-_-E
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/147709

More stories

IBM Security Bulletin: Vyatta 5600 vRouter Software Patches – Release 1801-s, 1801-t and 1801-u

Dec 8, 2018 9:01 am EST | High Severity

AT&T has released versions 1801-s, 1801-t and 1801-u for the Vyatta 5600. Details of this release can be found at https://console.bluemix.net/docs/infrastructure/virtual-router-appliance/vyatta-5600-security-fixes.html#at-t-vyatta-5600-vrouter-software-patches CVE(s): CVE-2018-10933, CVE-2018-16058, CVE-2018-16056, CVE-2018-10873, CVE-2018-6554, CVE-2018-18065, CVE-2018-16842, CVE-2018-16839, CVE-2018-16396, CVE-2018-16395, CVE-2018-16152, CVE-2018-16151, CVE-2018-17182, CVE-2018-16658, CVE-2018-16276, CVE-2018-15594, CVE-2018-15572, CVE-2018-14734, CVE-2018-14678, CVE-2018-14633, CVE-2018-14617, CVE-2018-14609, CVE-2018-13099, CVE-2018-10938, CVE-2018-10902, CVE-2018-9516, CVE-2018-9363 Affected product(s) and affected version(s): VRA ...read more


IBM Security Bulletin: Multiple vulnerabilities affect IBM Voice Gateway

Dec 8, 2018 9:01 am EST | High Severity

Multiple vulnerabilities affect IBM Voice Gateway CVE(s): CVE-2018-8039, CVE-2018-3721 Affected product(s) and affected version(s): IBM Voice Gateway V1.0.0.0 – V1.0.0.7 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10744553X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/145516X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/144603 ...read more


IBM Security Bulletin: IBM QRadar Network Security is affected by a CPU vulnerability (CVE-2018-3620)

Dec 7, 2018 9:00 am EST | High Severity

IBM QRadar Network Security has addressed the following CPU vulnerability. CVE(s): CVE-2018-3620 Affected product(s) and affected version(s): IBM QRadar Network Security 5.4.0 IBM QRadar Network Security 5.5.0 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10732880X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/148318 ...read more