High Severity

Security Bulletin: Apache Commons as used by IBM QRadar SIEM is vulnerable to denial of service (CVE-2021-35515, CVE-2021-35516, CVE-2021-36090, CVE-2021-35517)

Apache Commons as used by IBM QRadar SIEM is vulnerable to denial of service. IBM has addressed the relevant CVEs.

CVE(s): CVE-2021-35515, CVE-2021-35516, CVE-2021-36090, CVE-2021-35517

Affected product(s) and affected version(s):

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM QRadar SIEM v7.3 | All BlueCoatWSSRESTAPI versions before 7.3.0-QRADAR-PROTOCOL-BlueCoatWSSRESTAPI-7.3-20220214173614 |
| IBM QRadar SIEM v7.4 | All BlueCoatWSSRESTAPI versions before 7.4.0-QRADAR-PROTOCOL-BlueCoatWSSRESTAPI-7.4-20220217192850 |
| IBM QRadar SIEM v7.5 | All BlueCoatWSSRESTAPI versions before 7.5.0-QRADAR-PROTOCOL-BlueCoatWSSRESTAPI-7.5-20220217192923 |

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6592779
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/205304
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/205306
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/205310
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/205307
